diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index b7d933aee0..8f10c8e96a 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1,54 +1,64 @@ -{ +{ "redirections": [ { +"source_path": "windows/device-security/windows-security-baselines.md", +"redirect_url": "https://www.microsoft.com/download/details.aspx?id=55319", +"redirect_document_id": false +}, +{ +"source_path": "education/windows/windows-10-pro-to-pro-edu-upgrade.md", +"redirect_url": "/education/windows/switch-to-pro-education", +"redirect_document_id": true +}, +{ "source_path": "windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md", "redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune", -"redirect_document_id": false +"redirect_document_id": false }, { "source_path": "windows/keep-secure/configure-windows-defender-in-windows-10.md", "redirect_url": "/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus", -"redirect_document_id": true +"redirect_document_id": true }, { "source_path": "windows/keep-secure/enable-pua-windows-defender-for-windows-10.md", "redirect_url": "/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus", -"redirect_document_id": true +"redirect_document_id": true }, { "source_path": "windows/keep-secure/get-started-with-windows-defender-for-windows-10.md", "redirect_url": "/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus", -"redirect_document_id": false +"redirect_document_id": false }, { "source_path": "windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md", "redirect_url": "/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus", -"redirect_document_id": true +"redirect_document_id": true }, { "source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md", "redirect_url": "/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus", -"redirect_document_id": true +"redirect_document_id": true }, { "source_path": "windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md", "redirect_url": "/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus", -"redirect_document_id": true +"redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-block-at-first-sight.md", "redirect_url": "/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus", -"redirect_document_id": true +"redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-in-windows-10.md", "redirect_url": "/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10", -"redirect_document_id": true +"redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-enhanced-notifications.md", "redirect_url": "/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus", -"redirect_document_id": true +"redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md", @@ -530,7 +540,7 @@ "redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection", "redirect_document_id": true }, -{ +{ "source_path": "windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md", "redirect_url": "https://technet.microsoft.com/library/jj635854.aspx", "redirect_document_id": true diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md index b658a09d5d..a24d9b1905 100644 --- a/devices/surface-hub/surfacehub-whats-new-1703.md +++ b/devices/surface-hub/surfacehub-whats-new-1703.md @@ -11,6 +11,12 @@ localizationpriority: medium # What's new in Windows 10, version 1703 for Microsoft Surface Hub? +Watch Surface Hub engineer Jordan Marchese present updates to Microsoft Surface Hub with Windows 10, version 1703 (Creators Update). + + + Windows 10, version 1703 (also called the Creators Update), introduces the following changes for Microsoft Surface Hub: ## New settings diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md index 056064b880..39d7708dde 100644 --- a/devices/surface-hub/use-room-control-system-with-surface-hub.md +++ b/devices/surface-hub/use-room-control-system-with-surface-hub.md @@ -44,7 +44,7 @@ This diagram shows the correct pinout used for an RJ-11 (6P6C) to DB9 cable. Room control systems use common meeting-room scenarios for commands. Commands originate from the room control system, and are communicated over a serial connection to a Surface Hub. Commands are ASCII based, and the Surface Hub will acknowledge when state changes occur. -The following command modifiers are available. Commands terminate with a new line character (/n). Responses can come at any time in response to state changes not triggered directly by a management port command. +The following command modifiers are available. Commands terminate with a new line character (\n). Responses can come at any time in response to state changes not triggered directly by a management port command. | Modifier | Result | | --- | --- | diff --git a/education/get-started/get-started-with-microsoft-education.md b/education/get-started/get-started-with-microsoft-education.md index 572a8caa85..d82cbe9b63 100644 --- a/education/get-started/get-started-with-microsoft-education.md +++ b/education/get-started/get-started-with-microsoft-education.md @@ -518,6 +518,30 @@ We recommend using the latest build of Windows 10, version 1703 on your educatio **Option 1: Set up a device using the Set up School PCs app** +IT administrators and technical teachers can use the Set up School PCs app to quickly set up PCs for students. A student PC set up using the app is tailored to provide students with the tools they need for learning while removing apps and features that they don't need. + +![Set up School PCs app](images/suspc_getstarted_050817.png) + +Set up School PCs makes it easy to set up Windows 10 PCs with Microsoft's recommended education settings, using a quick USB setup. This app guides you through the creation of a student PC provisioning package and helps you save it to a USB drive. From there, just plug the USB drive into student PCs running Windows 10 Creators Update (version 1703). It automatically: +- Joins each student PC to your organization's Office 365 and Azure Active Directory tenant +- Enrolls each student PC into a mobile device management (MDM) provider, like Intune for Education, if licensed in your tenant. You can manage all the settings Set up School PCs sets later through MDM. +- Removes OEM preinstalled software from each student PC +- Auto-configures and saves a wireless network profile on each student PC +- Gives a friendly and unique name to each student device for future management +- Sets Microsoft-recommended school PC settings, including shared PC mode which provides faster sign-in and automatic account cleanup +- Enables optional guest account for younger students, lost passwords, or visitors +- Enables optional secure testing account +- Locks down the student PC to prevent mischievous activity: + * Prevents students from removing the PC from the school's device management system + * Prevents students from removing the Set up School PCs settings +- Keeps student PCs up-to-date without interfering with class time using Windows Update and maintenance hours +- Customizes the Start layout with Office +- Installs OneDrive for storing cloud-based documents and Sway for creating interactive reports, presentations, and more +- Uninstalls apps not specific to education, such as Solitaire +- Prevents students from adding personal Microsoft accounts to the PC + +**To set up a device using the Set up School PCs app** + 1. Follow the steps in Use the Set up School PCs app to quickly set up one or more student PCs. 2. Follow the steps in [5.2 Verify correct device setup](#52-verify-correct-device-setup). diff --git a/education/get-started/images/suspc_getstarted_050817.PNG b/education/get-started/images/suspc_getstarted_050817.PNG new file mode 100644 index 0000000000..124905676a Binary files /dev/null and b/education/get-started/images/suspc_getstarted_050817.PNG differ diff --git a/education/index.md b/education/index.md index 0bb10155b3..3f8576dfca 100644 --- a/education/index.md +++ b/education/index.md @@ -207,6 +207,25 @@ author: CelesteDG +
  • + +
    +
    +
    +
    +
    + Set up School PCs +
    +
    +
    +

    Set up School PCs

    +

    Use the app to create a provisioning package that you can use to quickly set up one or more Windows 10 devices.

    +
    +
    +
    +
    +     +
    • @@ -331,6 +350,25 @@ author: CelesteDG +
  • + +
    +
    +
    +
    +
    + Set up School PCs +
    +
    +
    +

    Set up School PCs

    +

    Use the app to create a provisioning package that you can use to quickly set up one or more Windows 10 devices.

    +
    +
    +
    +
    +     +
    • diff --git a/education/windows/TOC.md b/education/windows/TOC.md index 51cbe0a694..a121e92d2e 100644 --- a/education/windows/TOC.md +++ b/education/windows/TOC.md @@ -17,6 +17,6 @@ ### [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md) ## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) ## [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md) -## [Upgrade Windows 10 Pro to Pro Education from Windows Store for Business](windows-10-pro-to-pro-edu-upgrade.md) +## [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](switch-to-pro-education.md) ## [Chromebook migration guide](chromebook-migration-guide.md) ## [Change history for Windows 10 for Education](change-history-edu.md) diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md index f4a79c2366..00af76258b 100644 --- a/education/windows/change-history-edu.md +++ b/education/windows/change-history-edu.md @@ -12,6 +12,12 @@ author: CelesteDG This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation. +## May 2017 + +| New or changed topic | Description | +| --- | ---- | +| [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](switch-to-pro-education.md) | New. If you have an education tenant and use devices Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education. | + ## RELEASE: Windows 10, version 1703 (Creators Update) | New or changed topic | Description| @@ -35,7 +41,7 @@ This topic lists new and updated topics in the [Windows 10 for Education](index. | New or changed topic | Description | | --- | --- | -| [Upgrade Windows 10 Pro to Pro Education from Windows Store for Business](windows-10-pro-to-pro-edu-upgrade.md) | New. Learn how to opt-in to a free upgrade to Windows 10 Pro Education. | +| [Upgrade Windows 10 Pro to Pro Education from Windows Store for Business] | New. Learn how to opt-in to a free upgrade to Windows 10 Pro Education. As of May 2017, this topic has been replaced with [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](switch-to-pro-education.md). | ## November 2016 diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md index 897f7df8c4..715ba27c8a 100644 --- a/education/windows/configure-windows-for-education.md +++ b/education/windows/configure-windows-for-education.md @@ -64,7 +64,7 @@ You can configure Windows through provisioning or management tools including ind You can set all the education compliance areas through both provisioning and management tools. Additionally, these Microsoft education tools will ensure PCs that you set up are education ready: - [Set up School PCs](use-set-up-school-pcs-app.md) -- Intune for Education (coming soon) +- [Intune for Education](https://docs.microsoft.com/en-us/intune-education/available-settings) ## AllowCortana **AllowCortana** is a policy that enables or disables Cortana. It is a policy node in the Policy configuration service provider, [AllowCortana](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowcortana). @@ -145,7 +145,7 @@ Provide an ad-free experience that is a safer, more private search option for K ### Configurations #### IP registration for entire school network using Microsoft Edge -Ad-free searching with Bing in Microsoft Edge can be configured at the network level. To configure this, email bicteam@microsoft.com with the subject "New Windows 10, version 1703 (Creators Update) Registration: [School District Name]" and the include the following information in the body of the email. +Ad-free searching with Bing in Microsoft Edge can be configured at the network level. To configure this, email bingintheclassroom@microsoft.com with the subject "New Windows 10, version 1703 (Creators Update) Registration: [School District Name]" and the include the following information in the body of the email. **District information** - **District or School Name:** diff --git a/education/windows/images/1_howtosetup.png b/education/windows/images/1_howtosetup.png new file mode 100644 index 0000000000..7eb8222ed3 Binary files /dev/null and b/education/windows/images/1_howtosetup.png differ diff --git a/education/windows/images/2_signinwithms.png b/education/windows/images/2_signinwithms.png new file mode 100644 index 0000000000..e4b5f27f12 Binary files /dev/null and b/education/windows/images/2_signinwithms.png differ diff --git a/education/windows/images/i4e_editionupgrade.png b/education/windows/images/i4e_editionupgrade.png new file mode 100644 index 0000000000..ed5b281086 Binary files /dev/null and b/education/windows/images/i4e_editionupgrade.png differ diff --git a/education/windows/images/msfe_clickemaillink_switchtoproedu.png b/education/windows/images/msfe_clickemaillink_switchtoproedu.png new file mode 100644 index 0000000000..ca70e35a6a Binary files /dev/null and b/education/windows/images/msfe_clickemaillink_switchtoproedu.png differ diff --git a/education/windows/images/msfe_manage.png b/education/windows/images/msfe_manage.png new file mode 100644 index 0000000000..0fd5802786 Binary files /dev/null and b/education/windows/images/msfe_manage.png differ diff --git a/education/windows/images/msfe_manage_benefits_checktoconfirm.png b/education/windows/images/msfe_manage_benefits_checktoconfirm.png new file mode 100644 index 0000000000..90df941e00 Binary files /dev/null and b/education/windows/images/msfe_manage_benefits_checktoconfirm.png differ diff --git a/education/windows/images/msfe_manage_benefits_switchtoproedu.png b/education/windows/images/msfe_manage_benefits_switchtoproedu.png new file mode 100644 index 0000000000..12ba470cc9 Binary files /dev/null and b/education/windows/images/msfe_manage_benefits_switchtoproedu.png differ diff --git a/education/windows/images/msfe_manage_reverttowin10pro.png b/education/windows/images/msfe_manage_reverttowin10pro.png new file mode 100644 index 0000000000..30d0313f9b Binary files /dev/null and b/education/windows/images/msfe_manage_reverttowin10pro.png differ diff --git a/education/windows/images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png b/education/windows/images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png new file mode 100644 index 0000000000..581a1c1e8c Binary files /dev/null and b/education/windows/images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png differ diff --git a/education/windows/images/settings_connectedtoazuread_3.png b/education/windows/images/settings_connectedtoazuread_3.png new file mode 100644 index 0000000000..7311392405 Binary files /dev/null and b/education/windows/images/settings_connectedtoazuread_3.png differ diff --git a/education/windows/images/settings_setupworkorschoolaccount_2.png b/education/windows/images/settings_setupworkorschoolaccount_2.png new file mode 100644 index 0000000000..78237cfa31 Binary files /dev/null and b/education/windows/images/settings_setupworkorschoolaccount_2.png differ diff --git a/education/windows/images/settings_workorschool_1.png b/education/windows/images/settings_workorschool_1.png new file mode 100644 index 0000000000..4c53e6b3e2 Binary files /dev/null and b/education/windows/images/settings_workorschool_1.png differ diff --git a/education/windows/images/wcd_productkey.png b/education/windows/images/wcd_productkey.png new file mode 100644 index 0000000000..fbbfda7eb9 Binary files /dev/null and b/education/windows/images/wcd_productkey.png differ diff --git a/education/windows/index.md b/education/windows/index.md index 1228691020..9d3f183b1d 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -37,16 +37,17 @@ author: CelesteDG

    [Take tests in Windows 10](take-tests-in-windows-10.md)
    Take a Test is a new app that lets you create the right environment for taking tests. Learn how to use and get it set up.

    [Chromebook migration guide](chromebook-migration-guide.md)
    Find out how you can migrate a Chromebook-based learning environment to a Windows 10-based learning environment.

    -## ![Deploy Windows 10 for education](images/PCicon.png) Deploy +## ![Deploy Windows 10 for Education](images/PCicon.png) Deploy

    [Set up Windows devices for education](set-up-windows-10.md)
    Depending on your school's device management needs, you can use the Set up School PCs app or the Windows Configuration Designer tool to quickly set up student PCs.

    [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
    Get step-by-step guidance to help you deploy Windows 10 in a school environment.

    [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)
    Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across a school district.

    Try it out: Windows 10 deployment (for education)
    Learn how to upgrade devices running the Windows 7 operating system to Windows 10 Anniversary Update, and how to manage devices, apps, and users in Windows 10 Anniversary Update.

    For the best experience, use this guide in tandem with the TechNet Virtual Lab: IT Pro Try-It-Out.

    -## ![Upgrade to Windows 10 for education](images/windows.png) Upgrade +## ![Switch to Windows 10 for Education](images/windows.png) Switch + +

    [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](switch-to-pro-education.md)
    If you have an education tenant and use Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education.

    -

    [Switch Windows 10 Pro to Pro Education from Microsoft Store for Education](windows-10-pro-to-pro-edu-upgrade.md)
    If you have an education tenant and use Windows 10 Pro in your schools now, find out how you can opt-in to a free switch to Windows 10 Pro Education.

    ## Windows 8.1 diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 7c998c3e0b..39f0826ba4 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -70,7 +70,7 @@ To make this as seamless as possible, in your Azure AD tenant: ![Set maximum number of devices per user to unlimited](images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png) -- Clear your Azure AD tokens from time to time. Your tenant can only have 50 automated Azure AD tokens active at any one time. +- Clear your Azure AD tokens from time to time. Your tenant can only have 500 automated Azure AD tokens active at any one time. In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > All users** and look at the list of user names. User names that start with **package_** followed by a string of letters and numbers. These are the user accounts that are created automatically for the tokens and you can safely delete these. diff --git a/education/windows/switch-to-pro-education.md b/education/windows/switch-to-pro-education.md new file mode 100644 index 0000000000..a42e464435 --- /dev/null +++ b/education/windows/switch-to-pro-education.md @@ -0,0 +1,378 @@ +--- +title: Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S +description: Learn how IT Pros can opt into switching to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S. +keywords: switch, free switch, Windows 10 Pro to Windows 10 Pro Education, Windows 10 S to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro, Windows 10 S +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: edu +localizationpriority: high +author: CelesteDG +--- + +# Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S +Windows 10 Pro Education is a new offering in Windows 10, version 1607. This edition builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools by providing education-specific default settings. + +If you have an education tenant and use devices with Windows 10 Pro or Windows 10 S, global administrators can opt-in to a free switch to Windows 10 Pro Education depending on your scenario. +- [Switch from Windows 10 S to Windows 10 Pro Education](#switch-from-windows-10-s-to-windows-10-pro-education) +- [Switch from Windows 10 Pro to Windows 10 Pro Education](#switch-from-windows-10-pro-to-windows-10-pro-education) + +To take advantage of this offering, make sure you meet the [requirements for switching](#requirements-for-switching). For academic customers who are eligible to switch to Windows 10 Pro Education, but are unable to use the above methods, contact Microsoft Support for assistance. + +## Requirements for switching +Before you switch to Windows 10 Pro Education, make sure you meet these requirements: +- Devices must be running Windows 10 Pro, version 1607 or higher; or running Windows 10 S, version 1703 +- Devices must be Azure Active Directory joined, or domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices). + + If you haven't domain joined your devices already, [prepare for deployment of Windows 10 Pro Education licenses](#preparing-for-deployment-of-windows-10-pro-education-licenses). + +- The Azure AD tenant must be recognized as an education approved tenant. +- You must have a Microsoft Store for Education account. +- The user making the changes must be a member of the Azure AD global administrator group. + +## Compare Windows 10 Pro and Pro Education editions +You can [compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) to find out more about the features we support in other editions of Windows 10. + +For more info about Windows 10 default settings and recommendations for education customers, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md). + + +## Switch from Windows 10 S to Windows 10 Pro Education +There are two ways to switch from Windows 10 S to Windows 10 Pro Education, outlined below. Regardless of how you switch to Windows 10 Pro Education, note that you can only switch devices back to Windows 10 S through reimaging. + +1. **Bulk switch through Microsoft Store for Education** + + In this scenario, the global admin for the Azure AD education tenant can use Microsoft Store to switch all Windows 10 S devices on the tenant to Windows 10 Pro Education. See [Switch using Microsoft Store for Education](#switch-using-microsoft-store-for-education) for details on how to do this. + +2. **Asynchronous switch** + + In this scenario, the global admin must acquire the necessary keys and then select a method for key distribution. + + **Key acquisition options:** + + - Volume Licensing customers - For schools with active Microsoft Volume Licensing agreements, global admins can obtain free MAK keys for Windows 10 Pro Education. + + > [!NOTE] + > Windows 10 S is a Qualified OS (QOS) for Academic Volume Licensing only. + + - Non-Volume Licensing customers - For schools without an active Microsoft Volume Licensing agreement, the global admin can contact CSS, fill out a form and provide a proof of purchase to receive MAK keys for Windows 10 Pro Education. + + **Key distribution options:** + + - Bulk key distribution - You can apply MAK keys to switch the operating system on select devices or groups of devices using one of these methods: + - Use Microsoft Intune for Education. See [Switch using Intune for Education](#switch-using-intune-for-education) for details on how to do this. + - Use Windows Configuration Designer to create a provisioning package that will provision the switch on the device(s). See [Switch using Windows Configuration Designer](#switch-using-windows-configuration-designer) for details on how to do this. + - Use the mobile device management (MDM) policy, **UpgradeEditionWithProductKey**. See [Switch using MDM](#switch-using-mdm) for details on how to do this. + - Use scripting. See [Switch using scripting](#switch-using-scripting) for details on how to do this. + + - Manual key entry - You can also manually apply the MAK key using one of these methods: + - Enter the MAK key in the Windows **Settings > Activation** page. See [Switch using the Activation page](#switch-using-the-activation-page) for details on how to do this. + - Install with a media and key through Windows setup. We don't recommend this option due to the potential for multi-reboot requirements. + + +## Switch from Windows 10 Pro to Windows 10 Pro Education + +For schools that want to standardize all their Windows 10 Pro devices to Windows 10 Pro Education, a global admin for the school can opt-in to a free switch through the Microsoft Store for Education. + +In this scenario: + +- The IT admin of the tenant chooses to turn on the switch for all Azure AD joined devices. +- Any device that joins the Azure AD will switch automatically to Windows 10 Pro Education. +- The IT admin has the option to automatically roll back to Windows 10 Pro, if desired. See [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro). + +See [Switch using Microsoft Store for Education](#switch-using-microsoft-store-for-education) for details on how to do this. + +## Switch options from Windows 10 S to Windows 10 Pro Education +If you want to switch only a few or a select group of Windows 10 S devices to Windows 10 Pro Education, you can use one of the following key distribution options once you've obtained the MAK keys for Windows 10 Pro Education. See [Switch from Windows 10 S to Windows 10 Pro Education](#switch-from-windows-10-s-to-windows-10-pro-education) for more info. + +### Switch using Intune for Education + +1. In Intune for Education, select **Groups** and then choose the group that you want to apply the MAK license key to. + + For example, to apply the switch for all teachers, select **All Teachers** and then select **Settings**. + +2. In the settings page, find **Edition upgrade** and then: + 1. Select the edition in the **Edition to upgrade to** field + 2. Enter the MAK license key in the **Product key** field + + **Figure 1** - Enter the details for the Windows edition switch + + ![Enter the details for the Windows edition switch](images/i4e_editionupgrade.png) + +3. The switch will automatically be applied to the group you selected. + + +### Switch using Windows Configuration Designer +You can use Windows Configuration Designer to create a provisioning package that you can use to switch the Windows edition for your device(s). [Install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22) to create a provisioning package. + +1. In Windows Configuration Designer, select **Provision desktop devices** to open the simple editor and create a provisioning package for Windows desktop editions. +2. In the **Set up device** page, enter the MAK license key in the **Enter product key** field to switch to Windows 10 Pro Education. + + **Figure 2** - Enter the license key + + ![Enter the license key to switch to Windows 10 Pro Education](images/wcd_productkey.png) + +3. Complete the rest of the process for creating a provisioning package and then apply the package to the devices you want to switch to Windows 10 Pro Education. + + For more information about using Windows Configuration Designer, see [Set up student PCs to join domain](https://technet.microsoft.com/en-us/edu/windows/set-up-students-pcs-to-join-domain). + +### Switch using MDM + +To switch Windows 10 S to Windows 10 Pro Education, enter the product key for the Windows 10 Pro Education edition in the **UpgradeEditionWithProductKey** policy setting of the [WindowsLicensing CSP](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/windowslicensing-csp). + +### Switch using scripting + +You can switch from Windows 10 S to Windows 10 Pro Education by running the changepk.exe command-line tool. To do this, run the following command: + +``` +changepk.exe /ProductKey MAK_key_or_product_key +``` + +Replace *MAK_key_or_product_key* with the MAK key that you obtained for the Windows 10 edition switch. + + +### Switch using the Activation page + +1. On the Windows device that you want to switch, open the **Settings** app. +2. Select **Update & security** > **Activation**, and then click **Change product key**. +3. In the **Enter a product key** window, enter the MAK key for Windows 10 Pro Education and click **Next**. + + +## Education customers with Azure AD joined devices + +Academic institutions can easily move from Windows 10 S or Windows 10 Pro to Windows 10 Pro Education without using activation keys or reboots. When one of your users enters their Azure AD credentials associated with a Windows 10 Pro Education license, the operating system switches to Windows 10 Pro Education and all the appropriate Windows 10 Pro Education features are unlocked. Previously, only schools or organizations purchasing devices as part of the Shape the Future K-12 program or with a Microsoft Volume Licensing Agreement could deploy Windows 10 Pro Education to their users. Now, if you have an Azure AD for your organization, you can take advantage of the Windows 10 Pro Education features. + +When you switch to Windows 10 Pro Education, you get the following benefits: + +- **Windows 10 Pro Education edition**. Devices currently running Windows 10 Pro, version 1607 or higher, or Windows 10 S, version 1703, can get Windows 10 Pro Education Current Branch (CB). This benefit does not include Long Term Service Branch (LTSB). +- **Support from one to hundreds of users**. The Windows 10 Pro Education program does not have a limitation on the number of licenses an organization can have. +- **Roll back options to Windows 10 Pro** + - When a user leaves the domain or you turn off the setting to automatically switch to Windows 10 Pro Education, the device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 30 days). + - For devices that originally had Windows 10 Pro edition installed, when a license expires or is transferred to another user, the Windows 10 Pro Education device seamlessly steps back down to Windows 10 Pro. + + See [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro) for more info. + + For devices that originally had Windows 10 S installed, Windows 10 Pro Education cannot step back down to Windows 10 S. You will need to reimage these devices with Windows 10 S if you need to step down from Windows 10 Pro Education to Windows 10 S. + + +### Switch using Microsoft Store for Education +Once you enable the setting to switch to Windows 10 Pro Education, the switch will begin only after a user signs in to their device. The setting applies to the entire organization or tenant, so you cannot select which users will receive the switch. The switch will only apply to Windows 10 S and Windows 10 Pro devices. + +**To turn on the automatic switch to Windows 10 Pro Education** + +1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your work or school account. + + If this is the first time you're signing into the Microsoft Store for Education, you'll be prompted to accept the Microsoft Store for Education Terms of Use. + +2. Click **Manage** from the top menu and then select the **Benefits tile**. +3. In the **Benefits** tile, look for the **Switch to Windows 10 Pro Education for free** link and then click it. + + You will see the following page informing you that your school is eligible to switch free to Windows 10 Pro Education from Windows 10 S or Windows 10 Pro. + + **Figure 3** - Switch Windows 10 Pro to Windows 10 Pro Education + + ![Eligible for free Windows 10 Pro to Windows 10 Pro Education switch](images/msfe_manage_benefits_switchtoproedu.png) + +4. In the **Switch all your devices to Windows 10 Pro Education for free** page, check box next to **I understand enabling this setting will switch all domain-joined devices running Windows 10 Pro or Windows 10 S in my organization**. + + **Figure 4** - Check the box to confirm + + ![Check the box to confirm](images/msfe_manage_benefits_checktoconfirm.png) + +5. Click **Switch all my devices**. + + A confirmation window pops up to let you know that an email has been sent to you to enable the switch. + +6. Close the confirmation window and check the email to proceed to the next step. +7. In the email, click the link to **Switch to Windows 10 Pro Education**. Once you click the link, this will take you back to the Microsoft Store for Education portal. + + **Figure 5** - Click the link in the email to switch to Windows 10 Pro Education + + ![Click the email link to switch to Windows 10 Pro Education](images/msfe_clickemaillink_switchtoproedu.png) + +8. Click **Switch now** in the **Switching your device to Windows 10 Pro Education for free** page in the Microsoft Store. + + You will see a window that confirms you've successfully switched all the devices in your organization to Windows 10 Pro Education, and each Azure AD joined device running Windows 10 Pro or Windows 10 S will automatically switch the next time someone in your organization signs in to the device. + +9. Click **Close** in the **Success** window. + +Enabling the automatic switch also triggers an email message notifying all global administrators in your organization about the switch. It also contains a link that enables any global administrators to cancel the switch if they choose. For more info about rolling back or canceling the switch, see [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro).\ + +**Figure 6** - Email notifying all global admins about the switch + +![Email notifying all global admins about the switch](images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png) + + +## Explore the switch experience + +So what will users experience? How will they switch their devices? + +### For existing Azure AD joined devices +Existing Azure AD domain joined devices will be switched to Windows 10 Pro Education the next time the user logs in. That's it! No additional steps are needed. + +### For new devices that are not Azure AD joined +Now that you've turned on the setting to automatically switch to Windows 10 Pro Education, the users are ready to switch their devices running Windows 10 Pro, version 1607 or higher or Windows 10 S, version 1703 to Windows 10 Pro Education edition. + +#### Step 1: Join users’ devices to Azure AD + +Users can join a device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1607 or higher, or Windows 10 S, version 1703. + +**To join a device to Azure AD the first time the device is started** + +There are different methods you can use to join a device to Azure AD: +- For multiple devices, we recommend using the [Set up School PCs app](use-set-up-school-pcs-app.md) to create a provisioning package to quickly provision and set up Windows 10 devices for education. +- For individual devices, you can use the Set up School PCs app or go through the Windows 10 device setup experience. If you choose this option, see the following steps. + +**To join a device to Azure AD using Windows device setup** + +If the Windows device is running Windows 10, version 1703, follow these steps. + +1. During initial device setup, on the **How would you like to set up?** page, select **Set up for an organization**, and then click **Next**. + + **Figure 7** - Select how you'd like to set up the device + + ![Select how you'd like to set up the device](images/1_howtosetup.png) + +2. On the **Sign in with Microsoft** page, enter the username and password to use with Office 365 or other services from Microsoft, and then click **Next**. + + **Figure 8** - Enter the account details + + ![Enter the account details you use with Office 365 or other Microsoft services](images/2_signinwithms.png) + +3. Go through the rest of Windows device setup. Once you're done, the device will be Azure AD joined to your school's subscription. + + +**To join a device to Azure AD when the device already has Windows 10 Pro, version 1703 or Windows 10 S, version 1703 installed and set up** + +If the Windows device is running Windows 10, version 1703, follow these steps. + +1. Go to **Settings > Accounts > Access work or school**. + + **Figure 9** - Go to **Access work or school** in Settings + + ![Go to Access work or school in Settings](images/settings_workorschool_1.png) + +2. In **Access work or school**, click **Connect**. +3. In the **Set up a work or school account** window, click the **Join this device to Azure Active Directory** option at the bottom. + + **Figure 10** - Select the option to join the device to Azure Active Directory + + ![Select the option to join the device to Azure Active Directory](images/settings_setupworkorschoolaccount_2.png) + +4. On the **Let's get you signed in** window, enter the Azure AD credentials (username and password) and sign in. This will join the device to the school's Azure AD. +5. To verify that the device was successfully joined to Azure AD, go back to **Settings > Accounts > Access work or school**. You should now see a connection under the **Connect to work or school** section that indicates the device is connected to Azure AD. + + **Figure 11** - Verify the device connected to Azure AD + + ![Verify the device is connected to Azure AD](images/settings_connectedtoazuread_3.png) + + +#### Step 2: Sign in using Azure AD account + +Once the device is joined to your Azure AD subscription, the user will sign in by using his or her Azure AD account. The Windows 10 Pro Education license associated with the user will enable Windows 10 Pro Education edition capabilities on the device. + + +#### Step 3: Verify that Pro Education edition is enabled + +You can verify the Windows 10 Pro Education in **Settings > Update & Security > Activation**. + +**Figure 12** - Windows 10 Pro Education in Settings + +Windows 10 activated and subscription active + +If there are any problems with the Windows 10 Pro Education license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process. + +### Troubleshoot the user experience + +In some instances, users may experience problems with the Windows 10 Pro Education switch. The most common problems that users may experience are as follows: + +- The existing operating system (Windows 10 Pro, version 1607 or higher, or Windows 10 S, version 1703) is not activated. +- The Windows 10 Pro Education switch has lapsed or has been removed. + +Use the following figures to help you troubleshoot when users experience these common problems: + +**Figure 13** - Illustrates a device in a healthy state, where the existing operating system is activated, and the Windows 10 Pro Education switch is active. + +Windows 10 activated and subscription active

    + + +**Figure 14** - Illustrates a device on which the existing operating system is not activated, but the Windows 10 Pro Education switch is active. + +Windows 10 not activated and subscription active

    + + +### Review requirements on devices + +Devices must be running Windows 10 Pro, version 1607 or higher, or Windows 10 S, version 1703 and be Azure AD joined, or domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. You can use the following procedures to review whether a particular device meets requirements. + +**To determine if a device is Azure AD joined** + +1. Open a command prompt and type the following: + + ``` + dsregcmd /status + ``` + +2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined. + +**To determine the version of Windows 10** + +- At a command prompt, type: + + ``` + winver + ``` + + A popup window will display the Windows 10 version number and detailed OS build information. + + > [!NOTE] + > If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be switched to Windows 10 Pro Education when a user signs in, even if the user has been assigned a license. + +### Roll back Windows 10 Pro Education to Windows 10 Pro + +If your organization has the Windows 10 Pro to Windows 10 Pro Education switch enabled, and you decide to roll back to Windows 10 Pro or to cancel the switch, you can do this by: + +- Logging into Microsoft Store for Education page and turning off the automatic switch. +- Selecting the link to turn off the automatic switch from the notification email sent to all global administrators. + +Once the automatic switch to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were switched will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. This means that a user whose device was switched may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that a switch was enabled and then turned off will never see their device change from Windows 10 Pro. + +> [!NOTE] +> Devices that were switched from Windows 10 S to Windows 10 Pro Education cannot roll back to Windows 10 S. + +**To roll back Windows 10 Pro Education to Windows 10 Pro** + +1. Log in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic switch. +2. Select **Manage > Benefits** and locate the section **Windows 10 Pro Education** and follow the link. +3. In the **Revert to Windows 10 Pro** page, click **Revert to Windows 10 Pro**. + + **Figure 15** - Revert to Windows 10 Pro + + ![Revert to Windows 10 Pro](images/msfe_manage_reverttowin10pro.png) + +4. You will be asked if you're sure that you want to turn off automatic switches to Windows 10 Pro Education. Click **Yes**. +5. Click **Close** in the **Success** page. + + All global admins get a confirmation email that a request was made to roll back your organization to Windows 10 Pro. If you, or another global admin, decide later that you want to turn on automatic switches again, you can do this by selecting **Switch to Windows 10 Pro Education for free** from the **Manage > Benefits** in the Microsoft Store for Education. + + +## Preparing for deployment of Windows 10 Pro Education licenses + +If you have on-premises Active Directory Domain Services (AD DS) domains, users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Pro Education to users, you need to synchronize the identities in the on-premises AD DS domain with Azure AD. + +You need to synchronize these identities so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Pro Education). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them. + +Figure 11 illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](http://www.microsoft.com/en-us/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure. + +**Figure 16** - On-premises AD DS integrated with Azure AD + +![Illustration of Azure Active Directory Connect](images/windows-ad-connect.png) + +For more information about integrating on-premises AD DS domains with Azure AD, see these resources: +- [Integrating your on-premises identities with Azure Active Directory](http://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/) +- [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/) + +## Related topics + +[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) +[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md) +[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index 8512b79b49..7338cfbdc0 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -34,13 +34,10 @@ Set up School PCs makes it easy to set up Windows 10 PCs with Microsoft's recomm * Prevents students from removing the PC from the school's device management system * Prevents students from removing the Set up School PCs settings - Keeps student PCs up-to-date without interfering with class time using Windows Update and maintenance hours - -A student PC that's set up using the Set up School PCs provisioning package is tailored to provide students with the tools they need for learning while removing apps and features that they don't need. - * Customizes the Start layout with Office - * Installs OneDrive for cloud-based documents and places it on the Start menu and taskbar - * Uninstalls apps not specific to education, such as Solitaire - * [Gets the student PC ready for use in an education environment](configure-windows-for-education.md) - * Prevents students from adding personal Microsoft accounts to the PC +- Customizes the Start layout with Office +- Installs OneDrive for storing cloud-based documents and Sway for creating interactive reports, presentations, and more +- Uninstalls apps not specific to education, such as Solitaire +- Prevents students from adding personal Microsoft accounts to the PC ## Tips for success diff --git a/education/windows/windows-10-pro-to-pro-edu-upgrade.md b/education/windows/windows-10-pro-to-pro-edu-upgrade.md deleted file mode 100644 index 373293b8ac..0000000000 --- a/education/windows/windows-10-pro-to-pro-edu-upgrade.md +++ /dev/null @@ -1,263 +0,0 @@ ---- -title: Switch Windows 10 Pro to Pro Education -description: Describes how IT Pros can opt into switching from Windows 10 Pro to Windows 10 Pro Education from the Microsoft Store for Education. -keywords: switch, Pro to Pro Education, education customers -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: edu -localizationpriority: high -author: CelesteDG ---- - -# Switch Windows 10 Pro to Pro Education from Microsoft Store for Education - -Windows 10 Pro Education is a new offering in Windows 10 Anniversary Update (Windows 10, version 1607). This edition builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools by providing education-specific default settings. - -If you have an education tenant and use Windows 10 Pro in your schools now, global administrators can opt-in to a free switch to Windows 10 Pro Education through the Microsoft Store for Education. To take advantage of this offering, make sure you meet the [requirements for switching](#requirements-for-switching). - -Starting with Windows 10, version 1607, academic institutions can easily move from Windows 10 Pro to Windows 10 Pro Education—no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10 Pro Education license, the operating system turns from Windows 10 Pro to Windows 10 Pro Education and all the appropriate Windows 10 Pro Education features are unlocked. When a license expires or is transferred to another user, the Windows 10 Pro Education device seamlessly steps back down to Windows 10 Pro. - -Previously, only schools or organizations purchasing devices as part of the Shape the Future K-12 program or with a Microsoft Volume Licensing Agreement could deploy Windows 10 Pro Education to their users. Now, if you have a Azure AD for your organization, you can take advantage of the Windows 10 Pro Education features. - -When you switch to Windows 10 Pro Education, you get the following benefits: - -- **Windows 10 Pro Education edition**. Devices currently running Windows 10 Pro, version 1607 can get Windows 10 Pro Education Current Branch (CB). This benefit does not include Long Term Service Branch (LTSB). -- **Support from one to hundreds of users**. The Windows 10 Pro Education program does not have a limitation on the number of licenses an organization can have. -- **Roll back to Windows 10 Pro at any time**. When a user leaves the domain or you turn off the setting to automatic switch to Windows 10 Pro Education, the device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 30 days). - -In summary, the Windows 10 Pro Education free switch through the Microsoft Store for Education is an offering that provides organizations easier, more flexible access to the benefits of Windows 10 Pro Education edition. - -## Compare Windows 10 Pro and Pro Education editions - -In Windows 10, version 1607, the Windows 10 Pro Education edition contains the same features as the Windows 10 Pro edition except for the following differences: - -- Cortana is removed from Windows 10 Pro Education -- Options to manage Windows 10 tips and tricks and Windows Store suggestions - -See [Windows 10 editions for education customers](windows-editions-for-education-customers.md) for more info about Windows 10 Pro Education and you can also [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) to find out more about the features we support in other editions of Windows 10. - -## Requirements for switching - -Before you switch from Windows 10 Pro to Windows 10 Pro Education, make sure you meet these requirements: -- Devices must be: - - Running Windows 10 Pro, version 1607 - - Must be Azure Active Directory joined, or domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices). - - If you haven't domain joined your devices already, [prepare for deployment of Windows 10 Pro Education licenses](#preparing-for-deployment-of-windows-10-pro-education-licenses). -- The user making the changes must be a member of the Azure AD global administrator group. -- The Azure AD tenant must be recognized as an education approved tenant. -- You must have a Microsoft Store for Education account. - -## Switch from Windows 10 Pro to Windows 10 Pro Education -Once you enable the setting to switch Windows 10 Pro to Windows 10 Pro Education, the switch will begin only after a user signs in to their device. The setting applies to the entire organization so you cannot select which users will receive the switch. - -**To turn on the automatic switch from Windows 10 Pro to Windows 10 Pro Education** - -1. Sign in to [Microsoft Store for Education](https://businessstore.microsoft.com/en-us/Store/Apps) with your work or school account. - - If this is the first time you're signing into the Microsoft Store, you'll be prompted to accept the Microsoft Store for Business and Education License Agreement. - -2. Go to **Manage > Account information**. -3. In the **Account information** page, look for the **Automatic Windows 10 Pro Education upgrade** section and follow the link. - - You will see the following page informing you that your school is eligible for a free automatic switch from Windows 10 Pro to Windows 10 Pro Education. - - ![Eligible for free Windows 10 Pro to Windows 10 Pro Education switch](images/wsfb_win10_pro_to proedu_upgrade_eligibility_page.png) - - **Figure 1** - Switch Windows 10 Pro to Windows 10 Pro Education - -4. Select **I understand enabling this setting will impact all devices running Windows 10 Pro in my organization**. -5. Click **Send me email with a link to enable this upgrade** to receive an email with a link to the switch. - - ![Email with Windows 10 Pro to Pro Education switch link](images/wsfb_win10_pro_to_proedu_email_upgrade_link.png) - - **Figure 2** - Email notification with a link to enable the switch - -6. Click **Enable the automatic upgrade now** to turn on automatic switches. - - ![Enable the automatic switch](images/wsfb_win10_pro_to proedu_upgrade_enable.png). - - **Figure 3** - Enable the automatic switch - - Enabling the automatic switch also triggers an email message notifying all global administrators in your organization about the switch. It also contains a link that enables any global administrators to cancel the switch, if they choose. For more info about rolling back or canceling the switch, see [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro). - - ![Email informing other global admins about the switch](images/wsfb_win10_pro_to proedu_upgrade_email_global_admins.png). - - **Figure 4** - Notification email sent to all global administrators - -7. Click **Close** in the **Success** page. - - In the **Upgrade Windows 10 Pro to Windows 10 Pro Education** page, you will see a message informing you when the switch was enabled and the name of the admin who enabled the switch. - - ![Summary page about the switch](images/wsfb_win10_pro_to proedu_upgrade_summary.png) - - **Figure 5** - Details about the automatic switch - - -## Explore the switch experience - -So what will the users experience? How will they switch their devices? - -### For existing Azure AD domain joined devices -Existing Azure AD domain joined devices will be switched from Windows 10 Pro to Windows 10 Pro Education the next time the user logs in. That's it! No additional steps are needed. - -### For new devices that are not Azure AD domain joined -Now that you've turned on the setting to automatically switch Windows 10 Pro to Windows 10 Pro Education, the users are ready to switch their devices running Windows 10 Pro, version 1607 edition to Windows 10 Pro Education edition. - -#### Step 1: Join users’ devices to Azure AD - -Users can join a device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1607. - -**To join a device to Azure AD the first time the device is started** - -1. During the initial setup, on the **Who owns this PC?** page, select **My organization**, and then click **Next**, as illustrated in **Figure 6**. - - Who owns this PC? page in Windows 10 setup - - **Figure 6** - The “Who owns this PC?” page in initial Windows 10 setup - -2. On the **Choose how you’ll connect** page, select **Join Azure AD**, and then click **Next**, as illustrated in **Figure 7**. - - Choose how you'll connect - page in Windows 10 setup - - **Figure 7** - The “Choose how you’ll connect” page in initial Windows 10 setup - -3. On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 8**. - - Let's get you signed in - page in Windows 10 setup - - **Figure 8** - The “Let’s get you signed in” page in initial Windows 10 setup - -Now the device is Azure AD joined to the company’s subscription. - -**To join a device to Azure AD when the device already has Windows 10 Pro, version 1607 installed and set up** - -1. Go to **Settings > Accounts > Access work or school**, as illustrated in **Figure 9**. - - Connect to work or school configuration - - **Figure 9** - Connect to work or school configuration in Settings - -2. In **Set up a work or school account**, click **Join this device to Azure Active Directory**, as illustrated in **Figure 10**. - - Set up a work or school account - - **Figure 10** - Set up a work or school account - -3. On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 11**. - - Let's get you signed in - dialog box - - **Figure 11** - The “Let’s get you signed in” dialog box - -Now the device is Azure AD joined to the company’s subscription. - -#### Step 2: Sign in using Azure AD account - -Once the device is joined to your Azure AD subscription, the user will sign in by using his or her Azure AD account, as illustrated in **Figure 12**. The Windows 10 Pro Education license associated with the user will enable Windows 10 Pro Education edition capabilities on the device. - -Sign in, Windows 10 - -**Figure 12** - Sign in by using Azure AD account - -#### Step 3: Verify that Pro Education edition is enabled - -You can verify the Windows 10 Pro Education in **Settings > Update & Security > Activation**, as illustrated in **Figure 13**. - - - -**Figure 13** - Windows 10 Pro Education in Settings - -Windows 10 activated and subscription active - -If there are any problems with the Windows 10 Pro Education license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process. - -## Troubleshoot the user experience - -In some instances, users may experience problems with the Windows 10 Pro Education switch. The most common problems that users may experience are as follows: - -- The existing Windows 10 Pro, version 1607 operating system is not activated. - -- The Windows 10 Pro Education switch has lapsed or has been removed. - -Use the following figures to help you troubleshoot when users experience these common problems: - - - -**Figure 13** - Illustrates a device in a healthy state, where Windows 10 Pro, version 1607 is activated and the Windows 10 Pro Education switch is active. - -Windows 10 activated and subscription active - - - -**Figure 14** - Illustrates a device on which Windows 10 Pro, version 1607 is not activated, but the Windows 10 Pro Education switch is active. - -Windows 10 not activated and subscription active

    - - -### Review requirements on devices - -Devices must be running Windows 10 Pro, version 1607, and be Azure Active Directory joined, or domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements. - -**To determine if a device is Azure Active Directory joined** - -1. Open a command prompt and type **dsregcmd /status**. - -2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined. - -**To determine the version of Windows 10** - -- At a command prompt, type: - **winver** - - A popup window will display the Windows 10 version number and detailed OS build information. - - If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be switched to Windows 10 Pro Education when a user signs in, even if the user has been assigned a license. - -## Roll back Windows 10 Pro Education to Windows 10 Pro - -If your organization has the Windows 10 Pro to Windows 10 Pro Education switch enabled, and you decide to roll back to Windows 10 Pro or to cancel the switch, you can do this by: -- Logging into Microsoft Store for Education page and turning off the automatic switch. -- Selecting the link to turn off the automatic switch from the notification email sent to all global administrators. - -Once the automatic switch to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were switched will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. This means that a user whose device was switched may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that an switch was enabled and then turned off will never see their device change from Windows 10 Pro. - -**To roll back Windows 10 Pro Education to Windows 10 Pro** -1. Log in to [Microsoft Store for Education](https://businessstore.microsoft.com/en-us/Store/Apps) with your school or work account, or follow the link from the notification email to turn off the automatic switch. -2. Select **Manage > Account information** and locate the section **Automatic Windows 10 Pro Education upgrade** and follow the link. -3. In the **Upgrade Windows 10 Pro to Windows 10 Pro Education** page, select **Turn off the automatic upgrade to Windows 10 Pro Education**. - - ![Turn off automatic switch to Windows 10 Pro Education](images/wsfb_win10_pro_to proedu_upgrade_disable.png) - - **Figure 15** - Link to turn off the automatic switch - -4. You will be asked if you're sure that you want to turn off automatic switches to Windows 10 Pro Education. Click **Yes**. -5. Click **Close** in the **Success** page. -6. In the **Upgrade Windows 10 Pro to Windows 10 Pro Education** page, you will see information on when the switch was disabled. - - If you decide later that you want to turn on automatic switches again, you can do this from the **Upgrade Windows 10 Pro to Windows 10 Pro Education**. - -## Preparing for deployment of Windows 10 Pro Education licenses - -If you have on-premises Active Directory Domain Services (AD DS) domains, users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Pro Education to users, you need to synchronize the identities in the on-premises AD DS domain with Azure AD. - -You need to synchronize these identities so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Pro Education). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them. - -**Figure 16** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](http://www.microsoft.com/en-us/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure. - -![Illustration of Azure Active Directory Connect](images/windows-ad-connect.png) - -**Figure 16** - On-premises AD DS integrated with Azure AD - -For more information about integrating on-premises AD DS domains with Azure AD, see these resources: -- [Integrating your on-premises identities with Azure Active Directory](http://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/) -- [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/) - -## Related topics - -[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) - -[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md) - -[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) diff --git a/store-for-business/update-windows-store-for-business-account-settings.md b/store-for-business/update-windows-store-for-business-account-settings.md index e2266ea8a6..637220cb67 100644 --- a/store-for-business/update-windows-store-for-business-account-settings.md +++ b/store-for-business/update-windows-store-for-business-account-settings.md @@ -61,13 +61,13 @@ Taxes for Microsoft Store for Business purchases are determined by your business - Switzerland - United Kingdom -These countries can provide their VAT number or local equivalent in **Payments & billing**. However, they can only acquire free apps. +These countries can provide their VAT number or local equivalent in **Payments & billing**. |Market| Tax identifier | |------|----------------| -| Brazil | CPNJ (required), CCMID (optional) | -| India | CST ID, VAT ID | -| Taiwan | Unified business number| +| Brazil | CNPJ (required) | +| India | CST ID, VAT ID (both are optional) | +| Taiwan | VAT ID (optional) | ### Tax-exempt status diff --git a/store-for-business/windows-store-for-business-overview.md b/store-for-business/windows-store-for-business-overview.md index 92902b6347..0edcf1dfa2 100644 --- a/store-for-business/windows-store-for-business-overview.md +++ b/store-for-business/windows-store-for-business-overview.md @@ -157,6 +157,193 @@ For more information, see [Manage settings in the Store for Business](manage-set Microsoft Store for Business and Education is currently available in these markets. + +### Support for free and paid apps @@ -294,22 +481,29 @@ Microsoft Store for Business and Education is currently available in these marke
    Support for free and paid apps
    - - - - - - - -
    Support for free apps only
    -
      -
    • Brazil
      • -
    • India
      • -
    • Russia
      • -
    • Taiwan
      • -
    • Ukraine
      • -
    -
    +### Support for free apps +Customers in these markets can use Microsoft Store for Business and Education to acquire free apps: +- India +- Russia + +### Support for free apps and Minecraft: Education Edition +Customers in these markets can use Microsoft Store for Business and Education to acquire free apps and Minecraft: Education Edition: +- Brazil +- Taiwan +- Ukraine + +This table summarize what customers can purchase, depending on which Microsoft Store they are using. + +| Store | Free apps | Minecraft: Education Edition | +| ----- | --------- | ---------------------------- | +| Microsoft Store for Business | supported | not supported | +| Microsoft Store for Education | supported | supported; invoice payment required | + +> [!NOTE] +> **Microsoft Store for Education customers with support for free apps and Minecraft: Education Edition** +- Admins can acquire free apps from **Microsoft Store for Education**. +- Admins need to use an invoice to purchase **Minecraft: Education Edition**. For more information, see [Invoice payment option](https://docs.microsoft.com/education/windows/school-get-minecraft#invoices). +- Teachers, or people with the Basic Purachaser role, can acquire free apps, but not **Minecraft: Education Edition**. ## Privacy notice diff --git a/windows/access-protection/enterprise-certificate-pinning.md b/windows/access-protection/enterprise-certificate-pinning.md index c1713b7bac..c5c53ac5e6 100644 --- a/windows/access-protection/enterprise-certificate-pinning.md +++ b/windows/access-protection/enterprise-certificate-pinning.md @@ -71,141 +71,41 @@ Each PinRule element contains a sequence of one or more Site elements and a sequ The PinRules element can have the following attributes. For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml) or [Representing a Duration in XML](#representing-a-duration-in-xml). -- **Duration** or **NextUpdate** - - Specifies when the Pin Rules will expire. - Either is required. - **NextUpdate** takes precedence if both are specified. - - **Duration**, represented as an XML TimeSpan data type, does not allow years and months. - You represent the **NextUpdate** attribute as a XML DateTime data type in UTC. - - **Required?** Yes. At least one is required. - -- **LogDuration** or **LogEndDate** - - Configures auditing only to extend beyond the expiration of enforcing the Pin Rules. - - **LogEndDate**, represented as an XML DateTime data type in UTC, takes precedence if both are specified. - - You represent **LogDuration** as an XML TimeSpan data type, which does not allow years and months. - - If neither attribute is specified, auditing expiration uses **Duration** or **NextUpdate** attributes. - - **Required?** No. - -- **ListIdentifier** - - Provides a friendly name for the list of pin rules. - Windows does not use this attribute for certificate pinning enforcement, however it is included when the pin rules are converted to a certificate trust list (CTL). - - **Required?** No. +| Attribute | Description | Required | +|-----------|-------------|----------| +| **Duration** or **NextUpdate** | Specifies when the Pin Rules will expire. Either is required. **NextUpdate** takes precedence if both are specified.
    **Duration**, represented as an XML TimeSpan data type, does not allow years and months. You represent the **NextUpdate** attribute as a XML DateTime data type in UTC. | **Required?** Yes. At least one is required. | +| **LogDuration** or **LogEndDate** | Configures auditing only to extend beyond the expiration of enforcing the Pin Rules.
    **LogEndDate**, represented as an XML DateTime data type in UTC, takes precedence if both are specified.
    You represent **LogDuration** as an XML TimeSpan data type, which does not allow years and months.
    If neither attribute is specified, auditing expiration uses **Duration** or **NextUpdate** attributes. | No. | +| **ListIdentifier** | Provides a friendly name for the list of pin rules. Windows does not use this attribute for certificate pinning enforcement, however it is included when the pin rules are converted to a certificate trust list (CTL). | No. | #### PinRule Element -The **PinRule** element can have the following attributes: +The **PinRule** element can have the following attributes. -- **Name** - - Uniquely identifies the **PinRule**. - Windows uses this attribute to identify the element for a parsing error or for verbose output. - The attribute is not included in the generated certificate trust list (CTL). - - **Required?** Yes. - -- **Error** - - Describes the action Windows performs when it encounters a PIN mismatch. - You can choose from the following string values: - - **Revoked** - Windows reports the certificate protecting the site as if it was revoked. This typically prevents the user from accessing the site. - - **InvalidName** - Windows reports the certificate protecting the site as if the name on the certificate does not match the name of the site. This typically results in prompting the user before accessing the site. - - **None** - The default value. No error is returned. You can use this setting to audit the pin rules without introducing any user friction. - - **Required?** No. - -- **Log** - - A Boolean value represent as string that equals **true** or **false**. - By default, logging is enabled (**true**). - - **Required?** No. +| Attribute | Description | Required | +|-----------|-------------|----------| +| **Name** | Uniquely identifies the **PinRule**. Windows uses this attribute to identify the element for a parsing error or for verbose output. The attribute is not included in the generated certificate trust list (CTL). | Yes.| +| **Error** | Describes the action Windows performs when it encounters a PIN mismatch. You can choose from the following string values:
    - **Revoked** - Windows reports the certificate protecting the site as if it was revoked. This typically prevents the user from accessing the site.
    - **InvalidName** - Windows reports the certificate protecting the site as if the name on the certificate does not match the name of the site. This typically results in prompting the user before accessing the site.
    - **None** - The default value. No error is returned. You can use this setting to audit the pin rules without introducing any user friction. | No. | +| **Log** | A Boolean value represent as string that equals **true** or **false**. By default, logging is enabled (**true**). | No. | #### Certificate element -The **Certificate** element can have the following attributes: +The **Certificate** element can have the following attributes. -- **File** - - Path to a file containing one or more certificates. - Where the certificate(s) can be encoded as: - - single certificate - - p7b - - sst. - - These files can also be Base64 formatted. - All **Site** elements included in the same **PinRule** element can match any of these certificates. - - **Required?** Yes (File, Directory or Base64 must be present). - -- **Directory** - - Path to a directory containing one or more of the above certificate files. - Skips any files not containing any certificates. - - **Required?** Yes (File, Directory or Base64 must be present). - -- **Base64** - - Base64 encoded certificate(s). - Where the certificate(s) can be encoded as: - - single certificate - - p7b - - sst. - - This allows the certificates to be included in the XML file without a file directory dependency. - - > [!Note] - > You can use **certutil -encode** to a .cer file into base64. You can then use Notepad to copy and paste the base64 encoded certificate into the pin rule. - - **Required?** Yes (File, Directory or Base64 must be present). - -- **EndDate** - - Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule. - - If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this element’s certificates. - - If the current time is past the **EndDate**, then, when creating the certificate trust list (CTL), the parser outputs a warning message and exclude the certificate(s) from the Pin Rule in the generated CTL. - - For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml). - - **Required?** No. +| Attribute | Description | Required | +|-----------|-------------|----------| +| **File** | Path to a file containing one or more certificates. Where the certificate(s) can be encoded as:
    - single certificate
    - p7b
    - sst
    These files can also be Base64 formatted. All **Site** elements included in the same **PinRule** element can match any of these certificates. | Yes (File, Directory or Base64 must be present). | +| **Directory** | Path to a directory containing one or more of the above certificate files. Skips any files not containing any certificates. | Yes (File, Directory or Base64 must be present). | +| **Base64** | Base64 encoded certificate(s). Where the certificate(s) can be encoded as:
    - single certificate
    - p7b
    - sst
    This allows the certificates to be included in the XML file without a file directory dependency.
    Note:
    You can use **certutil -encode** to convert a .cer file into base64. You can then use Notepad to copy and paste the base64 encoded certificate into the pin rule. | Yes (File, Directory or Base64 must be present). | +| **EndDate** | Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule.
    If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this element’s certificates.
    If the current time is past the **EndDate**, then, when creating the certificate trust list (CTL), the parser outputs a warning message and exclude the certificate(s) from the Pin Rule in the generated CTL.
    For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml).| No.| #### Site element -The **Site** element can have the following attributes: +The **Site** element can have the following attributes. -- **Domain** - - Contains the DNS name to be matched for this pin rule. - When creating the certificate trust list, the parser normalizes the input name string value as follows: - - If the DNS name has a leading "*" it is removed. - - Non-ASCII DNS name are converted to ASCII Puny Code. - - Upper case ASCII characters are converted to lower case. - - If the normalized name has a leading ".", then, wildcard left hand label matching is enabled. - For example, ".xyz.com" would match "abc.xyz.com". - - **Required?** Yes. - -- **AllSubdomains** - - By default, wildcard left hand label matching is restricted to a single left hand label. - This attribute can be set to "true" to enable wildcard matching of all of the left hand labels. - - For example, setting this attribute would also match "123.abc.xyz.com" for the ".xyz.com" domain value. - - **Required?** No. +| Attribute | Description | Required | +|-----------|-------------|----------| +| **Domain** | Contains the DNS name to be matched for this pin rule. When creating the certificate trust list, the parser normalizes the input name string value as follows:
    - If the DNS name has a leading "*" it is removed.
    - Non-ASCII DNS name are converted to ASCII Puny Code.
    - Upper case ASCII characters are converted to lower case.
    If the normalized name has a leading ".", then, wildcard left hand label matching is enabled. For example, ".xyz.com" would match "abc.xyz.com". | Yes.| +| **AllSubdomains** | By default, wildcard left hand label matching is restricted to a single left hand label. This attribute can be set to "true" to enable wildcard matching of all of the left-hand labels.
    For example, setting this attribute would also match "123.abc.xyz.com" for the ".xyz.com" domain value.| No.| ### Create a Pin Rules Certificate Trust List @@ -289,9 +189,12 @@ Sign-in to the reference computer using domain administrator equivalent credenti 8. Right-click the **Registry** node and click **New**. 9. In the **New Registry Properties** dialog box, select **Update** from the **Action** list. Select **HKEY_LOCAL_MACHINE** from the **Hive** list. 10. For the **Key Path**, click **…** to launch the **Registry Item Browser**. Navigate to the following registry key and select the **PinRules** registry value name: + HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CertDllCreateCertificateChainEngine\Config + Click **Select** to close the **Registry Item Browser**. -11. The **Key Path** should contain the selected registry key. The **Value name** configuration should contain the registry value name **_PinRules_**. **Value type** should read **_REGBINARY_** and **Value data** should contain a long series of numbers from 0-9 and letters ranging from A-F (hexadecimal). Click **OK** to save your settings and close the dialog box. + +11. The **Key Path** should contain the selected registry key. The **Value name** configuration should contain the registry value name **_PinRules_**. **Value type** should read **_REG\_BINARY_** and **Value data** should contain a long series of numbers from 0-9 and letters ranging from A-F (hexadecimal). Click **OK** to save your settings and close the dialog box. ![PinRules Properties](images/enterprise-certificate-pinning-pinrules-properties.png) @@ -302,10 +205,6 @@ Sign-in to the reference computer using domain administrator equivalent credenti To assist in constructing certificate pinning rules, you can configure the **PinRulesLogDir** setting under the certificate chain configuration registry key to include a parent directory to log pin rules. -```code -HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CertDllCreateCertificateChainEngine\Config -``` - | Name | Value | |------|-------| | Key | HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CertDllCreateCertificateChainEngine\Config | diff --git a/windows/access-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/access-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index 80474a70be..d8344768fc 100644 --- a/windows/access-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/access-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -85,7 +85,7 @@ First, create the WMI filter and configure it to look for a specified version (o After you have created a filter with the correct query, link the filter to the GPO. Filters can be reused with many GPOs simultaneously; you do not have to create a new one for each GPO if an existing one meets your needs. -1. Open theGroup Policy Management console. +1. Open the Group Policy Management console. 2. In the navigation pane, find and then click the GPO that you want to modify. diff --git a/windows/client-management/TOC.md b/windows/client-management/TOC.md index 120dc8ffe8..57e0175c71 100644 --- a/windows/client-management/TOC.md +++ b/windows/client-management/TOC.md @@ -9,5 +9,5 @@ ## [Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md) ## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md) ## [Windows libraries](windows-libraries.md) -## [Mobile Device Management](mdm/index.md) +## [Mobile device management protocol](mdm/index.md) ## [Change history for Client management](change-history-for-client-management.md) diff --git a/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md b/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md index a7c3befabe..69f6f73aa0 100644 --- a/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md +++ b/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md @@ -191,7 +191,7 @@ To see the Notebooks that your Azure AD account has access to, tap **More Notebo ## Use Windows Store for Business -[Windows Store for Business](/microsoft-store/index) allows you to specify applications to be available to your users in the Windows Store application. These applications show up on a tab titled for your company. Applications approved in the Windows Store for Business portal can be installed by users. +[Microsoft Store for Business](/microsoft-store/index) allows you to specify applications to be available to your users in the Windows Store application. These applications show up on a tab titled for your company. Applications approved in the Microsoft Store for Business portal can be installed by users. ![company tab on store](images/aadjwsfb.jpg) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 35f400979f..45051db6b8 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -141,6 +141,8 @@ #### [EnterpriseModernAppManagement DDF](enterprisemodernappmanagement-ddf.md) #### [EnterpriseModernAppManagement XSD](enterprisemodernappmanagement-xsd.md) ### [FileSystem CSP](filesystem-csp.md) +### [Firewall CSP](firewall-csp.md) +#### [Firewall DDF file](firewall-ddf-file.md) ### [HealthAttestation CSP](healthattestation-csp.md) #### [HealthAttestation DDF](healthattestation-ddf.md) ### [HotSpot CSP](hotspot-csp.md) @@ -196,6 +198,8 @@ #### [SUPL DDF file](supl-ddf-file.md) ### [SurfaceHub CSP](surfacehub-csp.md) #### [SurfaceHub DDF file](surfacehub-ddf-file.md) +### [TPMPolicy CSP](tpmpolicy-csp.md) +#### [TPMPolicy DDF file](tpmpolicy-ddf-file.md) ### [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) #### [UnifiedWriteFilter DDF file](unifiedwritefilter-ddf.md) ### [Update CSP](update-csp.md) diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index 71356fcfe5..a395891a14 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -1,19 +1,14 @@ --- title: ActiveSync CSP description: ActiveSync CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: c65093ef-bd36-4f32-9dab-edb7bcfb3188 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ActiveSync CSP diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md index 9b4cd8e771..8aa90d6d7c 100644 --- a/windows/client-management/mdm/activesync-ddf-file.md +++ b/windows/client-management/mdm/activesync-ddf-file.md @@ -1,19 +1,14 @@ --- title: ActiveSync DDF file description: ActiveSync DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ActiveSync DDF file diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md index aa3bb1fee0..e1c6986fe5 100644 --- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md +++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md @@ -1,19 +1,14 @@ --- title: Add an Azure AD tenant and Azure AD subscription description: Here's a step-by-step guide to adding an Azure Active Directory tenant, adding an Azure AD subscription, and registering your subscription. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 36D94BEC-A6D8-47D2-A547-EBD7B7D163FA -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Add an Azure AD tenant and Azure AD subscription Here's a step-by-step guide to adding an Azure Active Directory tenant, adding an Azure AD subscription, and registering your subscription. diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md index 1532ee174a..0746ed4175 100644 --- a/windows/client-management/mdm/alljoynmanagement-csp.md +++ b/windows/client-management/mdm/alljoynmanagement-csp.md @@ -1,19 +1,14 @@ --- title: AllJoynManagement CSP description: The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 468E0EE5-EED3-48FF-91C0-89F9D159AA8C -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # AllJoynManagement CSP diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md index de3a888d38..ebc2840da3 100644 --- a/windows/client-management/mdm/alljoynmanagement-ddf.md +++ b/windows/client-management/mdm/alljoynmanagement-ddf.md @@ -1,19 +1,14 @@ --- title: AllJoynManagement DDF description: AllJoynManagement DDF -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 540C2E60-A041-4749-A027-BBAF0BB046E4 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # AllJoynManagement DDF diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md index 15807c6fae..463b2e0c07 100644 --- a/windows/client-management/mdm/application-csp.md +++ b/windows/client-management/mdm/application-csp.md @@ -1,19 +1,14 @@ --- title: APPLICATION configuration service provider description: APPLICATION configuration service provider -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 0705b5e9-a1e7-4d70-a73d-7f758ffd8099 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # APPLICATION configuration service provider diff --git a/windows/client-management/mdm/applicationrestrictions-xsd.md b/windows/client-management/mdm/applicationrestrictions-xsd.md index c1b28b4f7b..312d90524e 100644 --- a/windows/client-management/mdm/applicationrestrictions-xsd.md +++ b/windows/client-management/mdm/applicationrestrictions-xsd.md @@ -1,19 +1,14 @@ --- title: ApplicationRestrictions XSD description: Here's the XSD for the ApplicationManagement/ApplicationRestrictions policy. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: A5AA2B59-3736-473E-8F70-A90FD61EE426 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ApplicationRestrictions XSD diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 5d2380c7e7..a73544002c 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -1,19 +1,14 @@ --- title: AppLocker CSP description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # AppLocker CSP @@ -338,343 +333,7 @@ When you create a list of allowed apps in Windows 10 Mobile, you must also incl The product name is first part of the PackageFullName followed by the version number. | Settings app name | PackageFullName or Product name | ProductID | -|--- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- -|--- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --|--- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: AppLocker CSP -description: AppLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---| +|------------------------------------|-------------------------------------------------------------------------|--------------------------------------| | Work or school account | Microsoft.AAD.BrokerPlugin | e5f8b2c4-75ae-45ee-9be8-212e34f77747 | | Email and accounts | Microsoft.AccountsControl | 39cf127b-8c67-c149-539a-c02271d07060 | | SettingsPageKeyboard | 5b04b775-356b-4aa0-aaf8-6491ffea5608\_1.1.0.0\_neutral\_\_cw8ffb7c56vgc | 5b04b775-356b-4aa0-aaf8-6491ffea5608 | diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md index 7781f3eb37..e332216b02 100644 --- a/windows/client-management/mdm/applocker-ddf-file.md +++ b/windows/client-management/mdm/applocker-ddf-file.md @@ -1,19 +1,14 @@ --- title: AppLocker DDF file description: AppLocker DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 79E199E0-5454-413A-A57A-B536BDA22496 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # AppLocker DDF file diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md index 939fbbfe39..1d578d006d 100644 --- a/windows/client-management/mdm/applocker-xsd.md +++ b/windows/client-management/mdm/applocker-xsd.md @@ -1,19 +1,14 @@ --- title: AppLocker XSD description: Here's the XSD for the AppLocker CSP. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 70CF48DD-AD7D-4BCF-854F-A41BFD95F876 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # AppLocker XSD diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md index 244b995317..d7f18cf787 100644 --- a/windows/client-management/mdm/appv-deploy-and-config.md +++ b/windows/client-management/mdm/appv-deploy-and-config.md @@ -1,18 +1,13 @@ --- title: Deploy and configure App-V apps using MDM description: Deploy and configure App-V apps using MDM -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Deploy and configure App-V apps using MDM ## Executive summary diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md index 2c84feb19c..b39d6d9cdf 100644 --- a/windows/client-management/mdm/assign-seats.md +++ b/windows/client-management/mdm/assign-seats.md @@ -1,19 +1,14 @@ --- title: Assign seat description: The Assign seat operation assigns seat for a specified user in the Windows Store for Business. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: B42BF490-35C9-405C-B5D6-0D9F0E377552 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Assign seat The **Assign seat** operation assigns seat for a specified user in the Windows Store for Business. diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index 4cf1d13eea..aad87ff0e5 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -1,19 +1,14 @@ --- title: AssignedAccess CSP description: The AssignedAccess configuration service provider (CSP) is used set the device to run in kiosk mode. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 421CC07D-6000-48D9-B6A3-C638AAF83984 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # AssignedAccess CSP diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md index 04d5fceef3..4f2fae2306 100644 --- a/windows/client-management/mdm/assignedaccess-ddf.md +++ b/windows/client-management/mdm/assignedaccess-ddf.md @@ -1,19 +1,14 @@ --- title: AssignedAccess DDF description: AssignedAccess DDF -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 224FADDB-0EFD-4E5A-AE20-1BD4ABE24306 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # AssignedAccess DDF diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 9abecc4213..ebdb1d406e 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -1,19 +1,14 @@ --- title: Azure Active Directory integration with MDM description: Azure Active Directory is the world largest enterprise cloud identity management service. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: D03B0765-5B5F-4C7B-9E2B-18E747D504EE -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index bc3d76dd25..308b678f24 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -1,18 +1,13 @@ --- title: BitLocker CSP description: BitLocker CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # BitLocker CSP The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. @@ -676,7 +671,7 @@ The following example is provided to show proper format and should not be taken 110 - ./Device/Vendor/MSFT/BitLocker/DisableWarningForOtherDiskEncryption + ./Device/Vendor/MSFT/BitLocker/AllowWarningForOtherDiskEncryption int diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md index 5e03820995..2b0491ab35 100644 --- a/windows/client-management/mdm/bitlocker-ddf-file.md +++ b/windows/client-management/mdm/bitlocker-ddf-file.md @@ -1,18 +1,13 @@ --- title: BitLocker DDF file description: BitLocker DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # BitLocker DDF file This topic shows the OMA DM device description framework (DDF) for the **BitLocker** configuration service provider. diff --git a/windows/client-management/mdm/bootstrap-csp.md b/windows/client-management/mdm/bootstrap-csp.md index 0e2b11ce78..86259803e4 100644 --- a/windows/client-management/mdm/bootstrap-csp.md +++ b/windows/client-management/mdm/bootstrap-csp.md @@ -1,19 +1,14 @@ --- title: BOOTSTRAP CSP description: BOOTSTRAP CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: b8acbddc-347f-4543-a45b-ad2ffae3ffd0 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # BOOTSTRAP CSP diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md index 05053a182c..e762d03a4f 100644 --- a/windows/client-management/mdm/browserfavorite-csp.md +++ b/windows/client-management/mdm/browserfavorite-csp.md @@ -1,19 +1,14 @@ --- title: BrowserFavorite CSP description: BrowserFavorite CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 5d2351ff-2d6a-4273-9b09-224623723cbf -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # BrowserFavorite CSP @@ -34,35 +29,7 @@ The following diagram shows the BrowserFavorite configuration service provider i ![browserfavorite csp (cp)](images/provisioning-csp-browserfavorite-cp.png) -***favorite name*** +***favorite name*** Required. Specifies the user-friendly name of the favorite URL that is displayed in the Favorites list of Internet Explorer. > **Note**  The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > | diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md index c427039252..3d370d247f 100644 --- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md +++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md @@ -1,19 +1,14 @@ --- title: Bulk assign and reclaim seats from users description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Windows Store for Business. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 99E2F37D-1FF3-4511-8969-19571656780A -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Bulk assign and reclaim seats from users The **Bulk assign and reclaim seats from users** operation returns reclaimed or assigned seats in the Windows Store for Business. diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index 00f1f33788..dca0fac617 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -4,20 +4,15 @@ description: Bulk enrollment is an efficient way to set up a large number of dev MS-HAID: - 'p\_phdevicemgmt.bulk\_enrollment' - 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: DEB98FF3-CC5C-47A1-9277-9EF939716C87 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Bulk enrollment Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10 desktop and mobile devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario. diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md index ff5072351a..2eb3f56669 100644 --- a/windows/client-management/mdm/cellularsettings-csp.md +++ b/windows/client-management/mdm/cellularsettings-csp.md @@ -1,19 +1,14 @@ --- title: CellularSettings CSP description: CellularSettings CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: ce8b6f16-37ca-4aaf-98b0-306d12e326df -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CellularSettings CSP The CellularSettings configuration service provider is used to configure cellular settings on a mobile device. diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md index b489b37570..06d6f265b6 100644 --- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md +++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md @@ -1,19 +1,14 @@ --- title: Certificate authentication device enrollment description: This section provides an example of the mobile device enrollment protocol using certificate authentication policy. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 57DB3C9E-E4C9-4275-AAB5-01315F9D3910 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Certificate authentication device enrollment diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md index 6d0c05c4e3..03875bfea6 100644 --- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md +++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md @@ -4,19 +4,14 @@ description: The enrolled client certificate expires after a period of use. MS-HAID: - 'p\_phdevicemgmt.certificate\_renewal' - 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: F910C50C-FF67-40B0-AAB0-CA7CE02A9619 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Certificate Renewal diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index 5bf532427c..20bda706fb 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -1,19 +1,14 @@ --- title: CertificateStore CSP description: CertificateStore CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 0fe28629-3cc3-42a0-91b3-3624c8462fd3 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CertificateStore CSP diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md index d3895bcae0..dce1073030 100644 --- a/windows/client-management/mdm/certificatestore-ddf-file.md +++ b/windows/client-management/mdm/certificatestore-ddf-file.md @@ -1,19 +1,14 @@ --- title: CertificateStore DDF file description: This topic shows the OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used only with OMA DM provisioning XML. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: D9A12D4E-3122-45C3-AD12-CC4FFAEC08B8 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CertificateStore DDF file diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md index 6955777c97..4f2d5cc211 100644 --- a/windows/client-management/mdm/cleanpc-csp.md +++ b/windows/client-management/mdm/cleanpc-csp.md @@ -1,18 +1,13 @@ --- title: CleanPC CSP description: The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CleanPC CSP The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703. diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md index e72d8d98b5..cfbd44cc65 100644 --- a/windows/client-management/mdm/cleanpc-ddf.md +++ b/windows/client-management/mdm/cleanpc-ddf.md @@ -1,19 +1,14 @@ --- title: CleanPC DDF description: This topic shows the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CleanPC DDF This topic shows the OMA DM device description framework (DDF) for the **CleanPC** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index cc971079c8..6391e50c7d 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -1,19 +1,14 @@ --- title: ClientCertificateInstall CSP description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ClientCertificateInstall CSP @@ -59,1001 +54,294 @@ The following image shows the ClientCertificateInstall configuration service pro

    The data type is an integer corresponding to one of the following values: | Value | Description | -|--- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --|--- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- -| +|-------|---------------------------------------------------------------------------------------------------------------| +| 1 | Install to TPM if present, fail if not present. | +| 2 | Install to TPM if present. If not present, fallback to software. | +| 3 | Install to software. | +| 4 | Install to Windows Hello for Business (formerly known as Microsoft Passport for Work) whose name is specified | + + +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/ContainerName** +

    ptional. Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name (if Windows Hello for Business storage provider (KSP) is chosen for the KeyLocation). If this node is not specified when Windows Hello for Business KSP is chosen, enrollment will fail. + +

    Date type is string. + +

    Supported operations are Get, Add, and Replace. + +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertBlob** +

    CRYPT\_DATA\_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. The Add operation triggers the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before this is called. This also sets the Status node to the current Status of the operation. + +

    The data type format is binary. + +

    Supported operations are Get, Add, and Replace. + +

    If a blob already exists, the Add operation will fail. If Replace is called on this node, the existing certificates are overwritten. + +

    If Add is called on this node for a new PFX, the certificate will be added. When a certificate does not exist, Replace operation on this node will fail. + +

    In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT\_DATA\_BLOB, which can be found in [CRYPT\_INTEGER\_BLOB](http://go.microsoft.com/fwlink/p/?LinkId=523871). + +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPassword** +

    Password that protects the PFX blob. This is required if the PFX is password protected. + +

    Data Type is a string. + +

    Supported operations are Get, Add, and Replace. + +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType** +

    Optional. Used to specify whtether the PFX certificate password is encrypted with the MDM certificate by the MDM sever. + +

    The data type is int. Valid values: + +- 0 - Password is not encrypted. +- 1 - Password is encrypted with the MDM certificate. +- 2 - Password is encrypted with custom certificate. + +

    When PFXCertPasswordEncryptionType =2, you must specify the store name in PFXCertPasswordEncryptionStore setting. + +

    Supported operations are Get, Add, and Replace. + +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXKeyExportable** +

    Optional. Used to specify if the private key installed is exportable (and can be exported later). The PFX is not exportable when it is installed to TPM. + +> **Note**  You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail. + +  +

    The data type bool. + +

    Supported operations are Get, Add, and Replace. + +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Thumbprint** +

    Returns the thumbprint of the installed PFX certificate. + +

    The datatype is a string. + +

    Supported operation is Get. + +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Status** +

    Required. Returns the error code of the PFX installation from the GetLastError command called after the PfxImportCertStore. + +

    Data type is an integer. + +

    Supported operation is Get. + +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionStore** +

    Added in Windows 10, version 1511. When PFXCertPasswordEncryptionType = 2, it specifies the store name of the certificate used for decrypting the PFXCertPassword. + +

    Data type is string. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP** +

    Node for SCEP. + +> **Note**  An alert is sent after the SCEP certificate is installed. + +  +**ClientCertificateInstall/SCEP/****_UniqueID_** +

    A unique ID to differentiate different certificate installation requests. + +

    Supported operations are Get, Add, Replace, and Delete. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install** +

    A node required for SCEP certificate enrollment. Parent node to group SCEP cert installation related requests. + +

    Supported operations are Get, Add, Replace, and Delete. + +> **Note**  Although the child nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values that are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted, as it will impact the current enrollment underway. The server should check the Status node value and make sure the device is not at an unknown state before changing child node values. + +  +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ServerURL** +

    Required for SCEP certificate enrollment. Specifies the certificate enrollment server. Multiple server URLs can be listed, separated by semicolons. + +

    Data type is string. + +

    Supported operations are Get, Add, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/Challenge** +

    Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Challenge is deleted shortly after the Exec command is accepted. + +

    Data type is string. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping** +

    Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs are separated by a plus **+**. For example, *OID1*+*OID2*+*OID3*. + +Data type is string. +

    Required for enrollment. Specifies the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have the second (0x20), fourth (0x80) or both bits set. If the value doesn’t have those bits set, the configuration will fail. + +

    Data type is int. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectName** +

    Required. Specifies the subject name. + +

    Data type is string. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyProtection** +

    Optional. Specifies where to keep the private key. + +> **Note**  Even if the private key is protected by TPM, it is not protected with a TPM PIN. + +  +

    The data type is an integer corresponding to one of the following values: + +| Value | Description | +|-------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1 | Private key protected by TPM. | +| 2 | Private key protected by phone TPM if the device supports TPM. All Windows Phone 8.1 devices support TPM and will treat value 2 as 1. | +| 3 | (Default) Private key saved in software KSP. | +| 4 | Private key protected by Windows Hello for Business (formerly known as Microsoft Passport for Work). If this option is specified, the ContainerName must be specifed, otherwise enrollment will fail. | + +  +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryDelay** +

    Optional. When the SCEP server sends a pending status, this value specifies the device retry waiting time in minutes. + +

    Data type format is an integer. + +

    The default value is 5. + +

    The minimum value is 1. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryCount** +

    Optional. Unique to SCEP. Specifies the device retry times when the SCEP server sends a pending status. + +

    Data type is integer. + +

    Default value is 3. + +

    Maximum value is 30. If the value is larger than 30, the device will use 30. + +

    Minimum value is 0, which indicates no retry. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/TemplateName** +

    Optional. OID of certificate template name. + +> **Note**  This name is typically ignored by the SCEP server; therefore the MDM server typically doesn’t need to provide it. + +  +

    Data type is string. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyLength** +

    Required for enrollment. Specify private key length (RSA). + +

    Data type is integer. + +

    Valid values are 1024, 2048, and 4096. + +

    For Windows Hello for Business (formerly known as Microsoft Passport for Work) , only 2048 is the supported key length. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/HashAlgorithm** +

    Required. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated with **+**. + +

    For Windows Hello for Business, only SHA256 is the supported algorithm. + +

    Data type is string. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/CAThumbprint** +

    Required. Specifies Root CA thumbprint. This is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks the CA certificate from the SCEP server to verify a match with this certificate. If it is not a match, the authentication will fail. + +

    Data type is string. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectAlternativeNames** +

    Optional. Specifies subject alternative names (SAN). Multiple alternative names can be specified by this node. Each name is the combination of name format+actual name. Refer to the name type definitions in MSDN for more information. + +

    Each pair is separated by semicolon. For example, multiple SANs are presented in the format of *\[name format1\]*+*\[actual name1\]*;*\[name format 2\]*+*\[actual name2\]*. + +

    Data type is string. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriod** +

    Optional. Specifies the units for the valid certificate period. + +

    Data type is string. + +

    Valid values are: + +- Days (Default) +- Months +- Years + +> **Note**  The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate. + +  +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits** +

    Optional. Specifies the desired number of units used in the validity period. This is subject to SCEP server configuration. Default value is 0. The unit type (days, months, or years) are defined in the ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in the certificate template. For example, if ValidPeriod is Days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. + +

    Data type is string. + +>**Note**  The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate. + +  +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName** +

    Optional. Specifies the Windows Hello for Business container name (if Windows Hello for Business KSP is chosen for the node). If this node is not specified when Windows Hello for Business KSP is chosen, the enrollment will fail. + +

    Data type is string. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/CustomTextToShowInPrompt** +

    Optional. Specifies the custom text to show on the Windows Hello for Business PIN prompt during certificate enrollment. The admin can choose to provide more contextual information in this field for why the user needs to enter the PIN and what the certificate will be used for. + +

    Data type is string. + +

    Supported operations are Add, Get, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/Enroll** +

    Required. Triggers the device to start the certificate enrollment. The device will not notify MDM server after certificate enrollment is done. The MDM server could later query the device to find out whether new certificate is added. + +

    The date type format is Null, meaning this node doesn’t contain a value. + +

    The only supported operation is Execute. + +**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList** +

    Optional. Specify the AAD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail. + +

    Data type is string. + +

    Supported operations are Add, Get, Delete, and Replace. + +**ClientCertificateInstall/SCEP/*UniqueID*/CertThumbprint** +

    Optional. Specifies the current certificate’s thumbprint if certificate enrollment succeeds. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. + +

    If the certificate on the device becomes invalid (Cert expired, Cert chain is not valid, private key deleted) then it will return an empty string. + +

    Data type is string. + +

    The only supported operation is Get. + +**ClientCertificateInstall/SCEP/*UniqueID*/Status** +

    Required. Specifies latest status of the certificated during the enrollment request. + +

    Data type is string. Valid values: + +

    The only supported operation is Get. + +| Value | Description | +|-------|---------------------------------------------------------------------------------------------------| | 1 | Finished successfully | | 2 | Pending (the device hasn’t finished the action but has received the SCEP server pending response) | | 16 | Action failed | diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index 485cc1cb24..d94173af03 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -1,19 +1,14 @@ --- title: ClientCertificateInstall DDF file description: ClientCertificateInstall DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 7F65D045-A750-4CDE-A1CE-7D152AA060CA -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ClientCertificateInstall DDF file diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index d299078b0f..94a6e27f51 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -1,19 +1,14 @@ --- title: CM\_CellularEntries CSP description: CM\_CellularEntries CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: f8dac9ef-b709-4b76-b6f5-34c2e6a3c847 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CM\_CellularEntries CSP The CM\_CellularEntries configuration service provider is used to configure the General Packet Radio Service (GPRS) entries on the device. It defines each GSM data access point. diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md index 1d563cacbf..693b4feb34 100644 --- a/windows/client-management/mdm/cm-proxyentries-csp.md +++ b/windows/client-management/mdm/cm-proxyentries-csp.md @@ -1,19 +1,14 @@ --- title: CM\_ProxyEntries CSP description: CM\_ProxyEntries CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: f4c3dc71-c85a-4c68-9ce9-19f408ff7a0a -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CM\_ProxyEntries CSP diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md index f54f8561f3..e83953965b 100644 --- a/windows/client-management/mdm/cmpolicy-csp.md +++ b/windows/client-management/mdm/cmpolicy-csp.md @@ -1,19 +1,14 @@ --- title: CMPolicy CSP description: CMPolicy CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 62623915-9747-4eb1-8027-449827b85e6b -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CMPolicy CSP diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index e795eede23..a3c9b663bf 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -1,19 +1,14 @@ --- title: CMPolicyEnterprise CSP description: CMPolicyEnterprise CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: A0BE3458-ABED-4F80-B467-F842157B94BF -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CMPolicyEnterprise CSP diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md index ad655720b7..6305ea17c3 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md +++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md @@ -1,19 +1,14 @@ --- title: CMPolicyEnterprise DDF file description: CMPolicyEnterprise DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 065EF07A-0CF3-4EE5-B620-3464A75B7EED -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CMPolicyEnterprise DDF file diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 661aa382de..a6d30377d2 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -1,24 +1,28 @@ --- title: Configuration service provider reference description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Configuration service provider reference +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot. -For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/hardware/dn905224). See the [list of CSPs supported in Windows Holographic](#hololens) and the [list of CSPs supported in Microsoft Surface Hub ](#surfacehubcspsupport) for additional information. +For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/hardware/dn905224). + +Additional lists: +- [List of CSPs supported in Windows Holographic](#hololens) +- [List of CSPs supported in Microsoft Surface Hub ](#surfacehubcspsupport) +- [List of CSPs supported in Windows 10 IoT Core](#iotcoresupport) +- [List of CSPs supported in Windows 10 S](#windows10s) The following tables show the configuration service providers support in Windows 10. @@ -1147,6 +1151,34 @@ The following tables show the configuration service providers support in Windows + +[Firewall CSP](firewall-csp.md) + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark3check mark3check mark3check mark3cross markcross mark
    + + + + [HealthAttestation CSP](healthattestation-csp.md) @@ -2015,6 +2047,34 @@ The following tables show the configuration service providers support in Windows + +[TPMPolicy CSP](tpmpolicy-csp.md) + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck markcheck markcheck markcheck markcheck markcheck mark
    + + + + [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) @@ -2329,7 +2389,8 @@ The following tables show the configuration service providers support in Windows  Footnotes: - 1 - Added in Windows 10, version 1607 -- 2 - Added in Windows 10, version 1703 +- 2 - Added in Windows 10, version 1703 +- 3 - Added in the next major update to Windows 10 > [!Note] > You can download the Windows 10 version 1607 DDF files from [here](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip). @@ -2341,427 +2402,7 @@ The following tables show the configuration service providers support in Windows The following list shows the configuration service providers supported in Windows Holographic editions. | Configuration service provider | Windows Holographic edition | Windows Holographic for Business edition | -|--- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --|--- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --|--- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --| +|-------------------------------------------------------------------------------------------------------|-------------------------------------|-------------------------------------------| | [Application CSP](application-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | | [AppLocker CSP](applocker-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | | [CertificateStore CSP](certificatestore-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | @@ -2851,4 +2492,55 @@ Footnotes: - [RootCATrustedCertificates CSP](rootcacertificates-csp.md) - [Update CSP](update-csp.md) - [VPNv2 CSP](vpnv2-csp.md) -- [WiFi CSP](wifi-csp.md) \ No newline at end of file +- [WiFi CSP](wifi-csp.md) + +## CSPs supported in Windows 10 S + +The CSPs supported in Windows 10 S is the same as in Windows 10 Pro except that Office CSP and EnterpriseDesktop CSP are not available in Windows 10 S. Here is the list: + +- [ActiveSync CSP](activesync-csp.md) +- [APPLICATION CSP](application-csp.md) +- [AppLocker CSP](applocker-csp.md) +- [BOOTSTRAP CSP](bootstrap-csp.md) +- [CellularSettings CSP](cellularsettings-csp.md) +- [CertificateStore CSP](certificatestore-csp.md) +- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) +- [CM_CellularEntries CSP](cm-cellularentries-csp.md) +- [Defender CSP](defender-csp.md) +- [DevDetail CSP](devdetail-csp.md) +- [DeviceManageability CSP](devicemanageability-csp.md) +- [DeviceStatus CSP](devicestatus-csp.md) +- [DevInfo CSP](devinfo-csp.md) +- [DiagnosticLog CSP](diagnosticlog-csp.md) +- [DMAcc CSP](dmacc-csp.md) +- [DMClient CSP](dmclient-csp.md) +- [EMAIL2 CSP](email2-csp.md) +- [EnterpriseAPN CSP](enterpriseapn-csp.md) +- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) +- [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) +- [HealthAttestation CSP](healthattestation-csp.md) +- [NAP CSP](nap-csp.md) +- [NAPDEF CSP](napdef-csp.md) +- [NetworkProxy CSP](networkproxy-csp.md) +- [NodeCache CSP](nodecache-csp.md) +- [PassportForWork CSP](passportforwork-csp.md) +- [Policy CSP](policy-configuration-service-provider.md) +- [Provisioning CSP](provisioning-csp.md) +- [PROXY CSP](proxy-csp.md) +- [PXLOGICAL CSP](pxlogical-csp.md) +- [Reboot CSP](reboot-csp.md) +- [RemoteFind CSP](remotefind-csp.md) +- [RemoteWipe CSP](remotewipe-csp.md) +- [Reporting CSP](reporting-csp.md) +- [RootCATrustedCertificates CSP](rootcacertificates-csp.md) +- [SecureAssessment CSP](secureassessment-csp.md) +- [SecurityPolicy CSP](securitypolicy-csp.md) +- [SharedPC CSP](sharedpc-csp.md) +- [Storage CSP](storage-csp.md) +- [SUPL CSP](supl-csp.md) +- [Update CSP](update-csp.md) +- [VPNv2 CSP](vpnv2-csp.md) +- [WiFi CSP](wifi-csp.md) +- [Win32AppInventory CSP](win32appinventory-csp.md) +- [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) +- [WindowsLicensing CSP](windowslicensing-csp.md) diff --git a/windows/client-management/mdm/create-a-custom-configuration-service-provider.md b/windows/client-management/mdm/create-a-custom-configuration-service-provider.md index 60223280aa..1d424f8364 100644 --- a/windows/client-management/mdm/create-a-custom-configuration-service-provider.md +++ b/windows/client-management/mdm/create-a-custom-configuration-service-provider.md @@ -1,19 +1,14 @@ --- title: Create a custom configuration service provider description: Create a custom configuration service provider -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 0cb37f03-5bf2-4451-8276-23f4a1dee33f -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Create a custom configuration service provider Mobile device OEMs can create custom configuration service providers to manage their devices. A configuration service provider includes an interface for creating, editing, and deleting nodes, and the nodes themselves. Each node contains data for one registry value and can optionally support get, set, and delete operations. diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index f3b84990d7..955159f333 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md @@ -1,19 +1,14 @@ --- title: CustomDeviceUI CSP description: CustomDeviceUI CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 20ED1867-7B9E-4455-B397-53B8B15C95A3 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CustomDeviceUI CSP The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, as well as the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported. diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md index a47de010ff..d44a97a49e 100644 --- a/windows/client-management/mdm/customdeviceui-ddf.md +++ b/windows/client-management/mdm/customdeviceui-ddf.md @@ -1,19 +1,14 @@ --- title: CustomDeviceUI DDF description: CustomDeviceUI DDF -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: E6D6B902-C57C-48A6-9654-CCBA3898455E -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # CustomDeviceUI DDF diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 3fef0e074e..18b093df38 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -3,20 +3,15 @@ title: Data structures for Windows Store for Business MS-HAID: - 'p\_phdevicemgmt.business\_store\_data\_structures' - 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B description: -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Data structures for Windows Store for Business diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index ac54595ed9..71e91e480e 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -1,19 +1,14 @@ --- title: Defender CSP description: Defender CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Defender CSP @@ -70,77 +65,7 @@ The data type is a integer. The following table describes the supported values: | Value | Description | -|--- -title: Defender CSP -description: Defender CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --|--- -title: Defender CSP -description: Defender CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Defender CSP -description: Defender CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Defender CSP -description: Defender CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Defender CSP -description: Defender CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ------| +|-------|-----------------------------| | 0 | Invalid | | 1 | Adware | | 2 | Spyware | diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 9c70f69058..f6856761c6 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -1,19 +1,14 @@ --- title: Defender DDF file description: Defender DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Defender DDF file diff --git a/windows/client-management/mdm/design-a-custom-windows-csp.md b/windows/client-management/mdm/design-a-custom-windows-csp.md index 75b047e0e1..ed969ccbee 100644 --- a/windows/client-management/mdm/design-a-custom-windows-csp.md +++ b/windows/client-management/mdm/design-a-custom-windows-csp.md @@ -4,19 +4,14 @@ description: Design a custom configuration service provider MS-HAID: - 'p\_phDeviceMgmt.designing\_a\_custom\_configuration\_service\_provider' - 'p\_phDeviceMgmt.design\_a\_custom\_windows\_csp' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 0fff9516-a71a-4036-a57b-503ef1a81a37 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Design a custom configuration service provider To design a custom configuration service provider, the OEM must perform the following steps: diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index d49219959a..40ee770991 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -1,19 +1,14 @@ --- title: DevDetail CSP description: DevDetail CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DevDetail CSP The DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server. These device parameters are not sent from the client to the server automatically, but can be queried by servers using OMA DM commands. diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index 92f254ee57..e7fbbcac7a 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -1,19 +1,14 @@ --- title: DevDetail DDF file description: DevDetail DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 645fc2b5-2d2c-43b1-9058-26bedbe9f00d -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DevDetail DDF file This topic shows the OMA DM device description framework (DDF) for the **DevDetail** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index fa31f7b25c..1a00b5f67c 100644 --- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -1,19 +1,14 @@ --- title: DeveloperSetup CSP description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the next major update of Windows 10. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DeveloperSetup CSP The DeveloperSetup configuration service provider (CSP) is used to configure Developer Mode on the device and connect to the Windows Device Portal. For more information about the Windows Device Portal, see [Windows Device Portal overview](https://msdn.microsoft.com/en-us/windows/uwp/debug-test-perf/device-portal). This CSP was added in Windows 10, version 1703. diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md index 449305d48f..b9a3348cca 100644 --- a/windows/client-management/mdm/developersetup-ddf.md +++ b/windows/client-management/mdm/developersetup-ddf.md @@ -1,19 +1,14 @@ --- title: DeveloperSetup DDF file description: This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DeveloperSetup DDF file This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703. diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index 61da16eb81..724d2abe69 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -1,20 +1,15 @@ --- title: Device update management description: In the current device landscape of PC, tablets, phones, and IoT devices, the Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Device update management In the current device landscape of PC, tablets, phones, and IoT devices, the Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology. In Windows 10, we are investing heavily in extending the management capabilities available to MDMs. One key feature we are adding is the ability for MDMs to keep devices up-to-date with the latest Microsoft Updates. diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md index e2c5565422..55339fb966 100644 --- a/windows/client-management/mdm/deviceinstanceservice-csp.md +++ b/windows/client-management/mdm/deviceinstanceservice-csp.md @@ -1,19 +1,14 @@ --- title: DeviceInstanceService CSP description: DeviceInstanceService CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DeviceInstanceService CSP diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md index a268cac2c0..47a36d95c3 100644 --- a/windows/client-management/mdm/devicelock-csp.md +++ b/windows/client-management/mdm/devicelock-csp.md @@ -1,19 +1,14 @@ --- title: DeviceLock CSP description: DeviceLock CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 9a547efb-738e-4677-95d3-5506d350d8ab -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DeviceLock CSP @@ -39,49 +34,88 @@ The following image shows the DeviceLock configuration service provider in tree **Provider** Required. An interior node to group all policy providers. Scope is permanent. Supported operation is Get. -**DeviceValue/DevicePasswordEnable, …, MinDevicePasswordComplexCharacters** + ***ProviderID*** +Optional. The node that contains the configured management server's ProviderID. In Windows Phone 8, only one enterprise management server is supported. That is, there should be only one *ProviderID* node. Exchange ActiveSync policies set by Exchange are saved by the Sync client separately. Scope is dynamic. The following operations are supported: + +- **Add** - Add the management account to the configuration service provider tree. +- **Delete** - Delete all policies set by this account. This command could be used in enterprise unenrollment for removing policy values set by the enterprise management server. +- **Get** - Return all policies set by the management server. + +> **Note**   The value cannot be changed after it is added. The **Replace** command isn't supported. + +  + +***ProviderID*/DevicePasswordEnabled** +Optional. An integer value that specifies whether device lock is enabled. Possible values are one of the following: + +- 0 - Device lock is enabled. +- 1 (default) - Device lock not enabled. + +The scope is dynamic. + +Supported operations are Get, Add, and Replace. + +***ProviderID*/AllowSimpleDevicePassword** +Optional. An integer value that specifies whether simple passwords, such as "1111" or "1234", are allowed. Possible values for this node are one of the following: + +- 0 - Not allowed. +- 1 (default) - Allowed. + +Invalid values are treated as a configuration failure. The scope is dynamic. + +Supported operations are Get, Add, and Replace. + +***ProviderID*/MinDevicePasswordLength** +Optional. An integer value that specifies the minimum number of characters required in the PIN. Valid values are 4 to 18 inclusive. The default value is 4. Invalid values are treated as a configuration failure. The scope is dynamic. + +Supported operations are Get, Add, and Replace. + +***ProviderID*/AlphanumericDevicePasswordRequired** +Optional. An integer value that specifies the complexity of the password or PIN allowed. + +Valid values are one of the following: + +- 0 - Alphanumeric password required +- 1 - Users can choose a numeric or alphanumeric password +- 2 - Users can choose no password, numeric password, or alphanumeric password + +Invalid values are treated as a configuration failure. The scope is dynamic. + +Supported operations are Get, Add, and Replace. + +***ProviderID*/DevicePasswordExpiration** +Deprecated in Windows 10. + +***ProviderID*/DevicePasswordHistory** +Deprecated in Windows 10. + +***ProviderID*/MaxDevicePasswordFailedAttempts** +Optional. An integer value that specifies the number of authentication failures allowed before the device will be wiped. Valid values are 0 to 999. The default value is 0, which indicates the device will not be wiped regardless of the number of authentication failures. + +Invalid values are treated as a configuration failure. The scope is dynamic. + +Supported operations are Get, Add, and Replace. + +***ProviderID*/MaxInactivityTimeDeviceLock** +Optional. An integer value that specifies the amount of time (in minutes) that the device can remain idle before it is password locked. Valid values are 0 to 999. A value of 0 indicates no time-out is specified. In this case, the maximum screen time-out allowed by the UI applies. + +Invalid values are treated as a configuration failure. The scope is dynamic. + +Supported operations are Get, Add, and Replace. + +***ProviderID*/MinDevicePasswordComplexCharacters** +Optional. An integer value that specifies the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong password. Valid values are 1 to 4 for mobile and 1 to 3 for desktop. The default value is 1. + +Invalid values are treated as a configuration failure. The scope is dynamic. + +Supported operations are Get, Add, and Replace. + +**DeviceValue** +Required. A permanent node that groups the policy values applied to the device. The server can query this node to discover what policy values are actually applied to the device. The scope is permanent. + +Supported operation is Get. + +**DeviceValue/DevicePasswordEnable, …, MinDevicePasswordComplexCharacters** Required. This node has the same set of policy nodes as the **ProviderID** node. All nodes under **DeviceValue** are read-only permanent nodes. Each node represents the current device lock policy. For detailed descriptions of each policy, see the ***ProviderID*** subnode descriptions. ## OMA DM examples diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md index 2b13637b6a..466bcbbf38 100644 --- a/windows/client-management/mdm/devicelock-ddf-file.md +++ b/windows/client-management/mdm/devicelock-ddf-file.md @@ -1,19 +1,14 @@ --- title: DeviceLock DDF file description: DeviceLock DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 46a691b9-6350-4987-bfc7-f8b1eece3ad9 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DeviceLock DDF file diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index 2bd82e72ec..8adc363d59 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -1,19 +1,14 @@ --- title: DeviceManageability CSP description: The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DeviceManageability CSP diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md index 83cb72ad21..1adb50855e 100644 --- a/windows/client-management/mdm/devicemanageability-ddf.md +++ b/windows/client-management/mdm/devicemanageability-ddf.md @@ -1,19 +1,14 @@ --- title: DeviceManageability DDF description: This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: D7FA8D51-95ED-40D2-AA84-DCC4BBC393AB -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DeviceManageability DDF diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index b4706c89a2..e89043b5c1 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -1,19 +1,14 @@ --- title: DeviceStatus CSP description: The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 039B2010-9290-4A6E-B77B-B2469B482360 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DeviceStatus CSP diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md index 9bf9e71a9f..b0e6ad935c 100644 --- a/windows/client-management/mdm/devicestatus-ddf.md +++ b/windows/client-management/mdm/devicestatus-ddf.md @@ -1,19 +1,14 @@ --- title: DeviceStatus DDF description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 780DC6B4-48A5-4F74-9F2E-6E0D88902A45 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DeviceStatus DDF diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md index 9ff3d6d8a1..b11d4a12cf 100644 --- a/windows/client-management/mdm/devinfo-csp.md +++ b/windows/client-management/mdm/devinfo-csp.md @@ -1,19 +1,14 @@ --- title: DevInfo CSP description: DevInfo CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: d3eb70db-1ce9-4c72-a13d-651137c1713c -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DevInfo CSP diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md index 22fa9bd67b..0ee45fd363 100644 --- a/windows/client-management/mdm/devinfo-ddf-file.md +++ b/windows/client-management/mdm/devinfo-ddf-file.md @@ -1,19 +1,14 @@ --- title: DevInfo DDF file description: DevInfo DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: beb07cc6-4133-4c0f-aa05-64db2b4a004f -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DevInfo DDF file diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index 396962dfe9..d4c94639bd 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -1,19 +1,14 @@ --- title: Diagnose MDM failures in Windows 10 description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Diagnose MDM failures in Windows 10 To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. @@ -135,217 +130,7 @@ Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Med The following table contains a list of common providers and their corresponding GUIDs. | GUID | Provider Name | -|--- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---|--- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Diagnose MDM failures in Windows 10 -description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---| +|--------------------------------------|--------------------------------------------------------| | 099614a5-5dd7-4788-8bc9-e29f43db28fc | Microsoft-Windows-LDAP-Client | | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | Microsoft-Windows-Kernel-Processor-Power | | 0ff1c24b-7f05-45c0-abdc-3c8521be4f62 | Microsoft-Windows-Mobile-Broadband-Experience-SmsApi | diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index 02eee80ad6..da0d026cab 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -1,19 +1,14 @@ --- title: DiagnosticLog CSP description: DiagnosticLog CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DiagnosticLog CSP @@ -172,49 +167,7 @@ The supported operation is Get. The following table represents the possible values: | Value | Description | -|--- -title: DiagnosticLog CSP -description: DiagnosticLog CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --|--- -title: DiagnosticLog CSP -description: DiagnosticLog CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: DiagnosticLog CSP -description: DiagnosticLog CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --| +|-------|-------------| | 0 | Stopped | | 1 | Started | @@ -262,63 +215,7 @@ The data type is a string. The following table lists the possible values: | Value | Description | -|--- -title: DiagnosticLog CSP -description: DiagnosticLog CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --|--- -title: DiagnosticLog CSP -description: DiagnosticLog CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: DiagnosticLog CSP -description: DiagnosticLog CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: DiagnosticLog CSP -description: DiagnosticLog CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---| +|-------|--------------------| | START | Start log tracing. | | STOP | Stop log tracing | diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md index 45a672208b..48154f0bad 100644 --- a/windows/client-management/mdm/diagnosticlog-ddf.md +++ b/windows/client-management/mdm/diagnosticlog-ddf.md @@ -1,19 +1,14 @@ --- title: DiagnosticLog DDF description: DiagnosticLog DDF -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 9DD75EDA-5913-45B4-9BED-20E30CDEBE16 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DiagnosticLog DDF diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index a6b80f5528..29889b69f1 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -4,20 +4,15 @@ description: Disconnecting may be initiated either locally by the user from the MS-HAID: - 'p\_phdevicemgmt.disconnecting\_from\_the\_management\_infrastructure\_\_unenrollment\_' - 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 33B2B248-631B-451F-B534-5DA095C4C8E8 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Disconnecting from the management infrastructure (unenrollment) Disconnecting may be initiated either locally by the user from the phone or remotely by the IT admin using management server. User-initiated disconnection is performed much like the initial connection, and it is initiated from the same location in the Setting Control Panel as creating the workplace account. Users may choose to disconnect for any number of reasons, including leaving the company or getting a new device and no longer needing access to their LOB apps on the old device. When an administrator initiates a disconnection, the enrollment client performs the disconnection during its next regular maintenance session. Administrators may choose to disconnect a user’s device after they’ve left the company or because the device is regularly failing to comply with the organization’s security settings policy. diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index ff9bfa21ac..df7701702a 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -1,19 +1,14 @@ --- title: DMAcc CSP description: DMAcc CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 43e73d8a-6617-44e7-8459-5c96f4422e63 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DMAcc CSP diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md index 39c3b7a2f1..dbca78b881 100644 --- a/windows/client-management/mdm/dmacc-ddf-file.md +++ b/windows/client-management/mdm/dmacc-ddf-file.md @@ -1,19 +1,14 @@ --- title: DMAcc DDF file description: DMAcc DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 44dc99aa-2a85-498b-8f52-a81863765606 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DMAcc DDF file diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 819fc66b36..59c7ae444e 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -1,19 +1,14 @@ --- title: DMClient CSP description: The DMClient configuration service provider is used to specify additional enterprise-specific mobile device management configuration settings for identifying the device in the enterprise domain, security mitigation for certificate renewal, and server-triggered enterprise unenrollment. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DMClient CSP diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index b3daba3ccc..85bc763412 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -1,19 +1,14 @@ --- title: DMClient DDF file description: DMClient DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: A21B33AF-DB76-4059-8170-FADF2CB898A0 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DMClient DDF file diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index 4c3357dbc1..c78e43cc7d 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -1,9 +1,6 @@ --- title: DMProcessConfigXMLFiltered function description: Configures phone settings by using OMA Client Provisioning XML. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' Search.Refinement.TopicID: 184 ms.assetid: 31D79901-6206-454C-AE78-9B85A3B3487F keywords: ["DMProcessConfigXMLFiltered function"] @@ -15,15 +12,13 @@ api_location: - dmprocessxmlfiltered.dll api_type: - DllExport -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DMProcessConfigXMLFiltered function > **Important**   diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md index 2c99d9ad68..17fa2ec201 100644 --- a/windows/client-management/mdm/dmsessionactions-csp.md +++ b/windows/client-management/mdm/dmsessionactions-csp.md @@ -1,18 +1,13 @@ --- title: DMSessionActions CSP description: DMSessionActions CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DMSessionActions CSP diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md index 258cad28d9..1983b804cc 100644 --- a/windows/client-management/mdm/dmsessionactions-ddf.md +++ b/windows/client-management/mdm/dmsessionactions-ddf.md @@ -1,18 +1,13 @@ --- title: DMSessionActions DDF file description: DMSessionActions DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DMSessionActions DDF file diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md index 0f5410244f..b0a286169f 100644 --- a/windows/client-management/mdm/dynamicmanagement-csp.md +++ b/windows/client-management/mdm/dynamicmanagement-csp.md @@ -1,18 +1,13 @@ --- title: DynamicManagement CSP description: DynamicManagement CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DynamicManagement CSP Windows 10 allows you to manage devices differently depending on location, network, or time.  In Windows 10, version 1703 the focus is on the most common areas of concern expressed by organizations. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device is not within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md index 2cd27c674b..c1b15243de 100644 --- a/windows/client-management/mdm/dynamicmanagement-ddf.md +++ b/windows/client-management/mdm/dynamicmanagement-ddf.md @@ -1,19 +1,14 @@ --- title: DynamicManagement DDF file description: DynamicManagement DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # DynamicManagement DDF file This topic shows the OMA DM device description framework (DDF) for the **DynamicManagement** configuration service provider. diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 0e5d732e25..23d7112ba0 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -1,19 +1,14 @@ --- title: EAP configuration description: The topic provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile and information about EAP certificate filtering in Windows 10. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EAP configuration diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index e53368852f..54fe0d1273 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -1,19 +1,14 @@ --- title: EMAIL2 CSP description: EMAIL2 CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: bcfc9d98-bc2e-42c6-9b81-0b5bf65ce2b8 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EMAIL2 CSP diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md index dca325ed91..58614e459a 100644 --- a/windows/client-management/mdm/email2-ddf-file.md +++ b/windows/client-management/mdm/email2-ddf-file.md @@ -1,19 +1,14 @@ --- title: EMAIL2 DDF file description: EMAIL2 DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EMAIL2 DDF file diff --git a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md index a0b5b488af..6fc5284a64 100644 --- a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md +++ b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md @@ -1,19 +1,14 @@ --- title: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices description: Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: ED3DAF80-847C-462B-BDB1-486577906772 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md index 8f2a4417fc..d6b71a088d 100644 --- a/windows/client-management/mdm/enterprise-app-management.md +++ b/windows/client-management/mdm/enterprise-app-management.md @@ -1,19 +1,14 @@ --- title: Enterprise app management description: This topic covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 225DEE61-C3E3-4F75-BC79-5068759DFE99 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Enterprise app management This topic covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows. It is the ability to manage both Store and non-Store apps as part of the native MDM capabilities. New in Windows 10 is the ability to take inventory of all your apps. diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md index a55f54bd78..c61db977e9 100644 --- a/windows/client-management/mdm/enterpriseapn-csp.md +++ b/windows/client-management/mdm/enterpriseapn-csp.md @@ -1,19 +1,14 @@ --- title: EnterpriseAPN CSP description: The EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: E125F6A5-EE44-41B1-A8CC-DF295082E6B2 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseAPN CSP The EnterpriseAPN configuration service provider (CSP) is used by the enterprise to provision an APN for the Internet. diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md index 8ee641a01d..8d656ebb72 100644 --- a/windows/client-management/mdm/enterpriseapn-ddf.md +++ b/windows/client-management/mdm/enterpriseapn-ddf.md @@ -1,19 +1,14 @@ --- title: EnterpriseAPN DDF description: EnterpriseAPN DDF -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: A953ADEF-4523-425F-926C-48DA62EB9E21 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseAPN DDF diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index 260e692dd1..4067c76438 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md @@ -1,19 +1,14 @@ --- title: EnterpriseAppManagement CSP description: EnterpriseAppManagement CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 698b8bf4-652e-474b-97e4-381031357623 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseAppManagement CSP diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md index 8500e82859..17b4288eb5 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md @@ -1,18 +1,13 @@ --- title: EnterpriseAppVManagement CSP description: EnterpriseAppVManagement CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseAppVManagement CSP The EnterpriseAppVManagement configuration service provider (CSP) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions). This CSP was added in Windows 10, version 1703. diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md index cb565a139c..19c14ddfc4 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md @@ -1,18 +1,13 @@ --- title: EnterpriseAppVManagement DDF file description: EnterpriseAppVManagement DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseAppVManagement DDF file This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAppVManagement** configuration service provider. diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index 9588c5ed47..ed4d8e0a6e 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md @@ -1,19 +1,14 @@ --- title: EnterpriseAssignedAccess CSP description: EnterpriseAssignedAccess CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 5F88E567-77AA-4822-A0BC-3B31100639AA -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseAssignedAccess CSP @@ -21,9 +16,8 @@ The EnterpriseAssignedAccess configuration service provider allows IT administra > **Note**   The EnterpriseAssignedAccess CSP is only supported in Windows 10 Mobile. -  -For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](https://msdn.microsoft.com/library/windows/hardware/mt186983). +To use an app to create a lockdown XML see [Use the Lockdown Designer app to create a Lockdown XML file](https://docs.microsoft.com/en-us/windows/configuration/mobile-devices/mobile-lockdown-designer). For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](https://msdn.microsoft.com/library/windows/hardware/mt186983). The following diagram shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. @@ -49,137 +43,103 @@ When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an When using the AssignedAccessXml in a provisioning package using the Windows Imaging and Configuration Designer (ICD) tool, do not use escaped characters. -  +Entry | Description +----------- | ------------ +ActionCenter | You can enable or disable the Action Center (formerly known as Notification Center) on the device. Set to true to enable the Action Center, or set to false to disable the Action Center. +ActionCenter | Example: `` +ActionCenter | In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled; **AboveLock/AllowActionCenterNotifications** and **AboveLock/AllowToasts**. For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md) +ActionCenter | You can also add the following optional attributes to the ActionCenter element to override the default behavior: **aboveLockToastEnabled** and **actionCenterNotificationEnabled**. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: `` +ActionCenter | These optional attributes are independent of each other. In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. `` +StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. **Large** - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx. +StartScreenSize | If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `Large` +Application | Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app. For the list of product ID and AUMID see [ProductIDs in Windows 10 Mobile](#productid). +Application | To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: `` +Application | modern app notification +Application | Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2. For the tile location, the first value indicates the column and the second value indicates the row. A value of 0 (zero) indicates the first column, a value of 1 indicates the second column, and so on. Include autoRun as an attribute to configure the application to run automatically. + +Application example: +``` syntax + + + Large + + 0 + 2 + + + +``` + +Entry | Description +----------- | ------------ +Application | Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior. To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. For the list of product ID and AUMID, see [ProductIDs in Windows 10 Mobile](#productid). The following example shows how to pin both Outlook mail and Outlook calendar. + +Application example: +``` syntax + + + + + Large + + 1 + 4 + + + + + + + Large + + 1 + 6 + + + + +``` + +Entry | Description +----------- | ------------ +Folder | A folder should be contained in <Applications/> node among with other <Application/> nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder. + +Folder example: +``` syntax + + + Large + + 0 + 2 + + + +``` +An application that belongs in the folder would add an optional attribute **ParentFolderId**, which maps to **folderId** of the folder. In this case, the location of this application will be located inside the folder. + +``` syntax + + + Medium + + 0 + 0 + + 2 + + +``` + +Entry | Description +----------- | ------------ +Settings | Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file. + +> [!Important] +> Do not specify a group entry without a page entry because it will cause an undefined behavior. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EntryDescription

    ActionCenter

    You can enable or disable the Action Center (formerly known as Notification Center) on the device. Set to true to enable the Action Center, or set to false to disable the Action Center.

    -

    Example:

    -
    <ActionCenter enabled="true"></ActionCenter>
    -

    In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled:

    -
      -
    • AboveLock/AllowActionCenterNotifications
      • -
    • AboveLock/AllowToasts
      • -
    -

    For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md)

    -

    You can also add the following optional attributes to the ActionCenter element to override the default behavior:

    -
      -
    • aboveLockToastEnabled
      • -
    • actionCenterNotificationEnabled
      • -
    -

    Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled).

    -

    In this example, the Action Center is enabled and both policies are disabled.

    -
    <ActionCenter enabled="true" aboveLockToastEnabled="0" actionCenterNotificationEnabled="0"/>
    -

    These optional attributes are independent of each other.

    -

    In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set.

    -
    <ActionCenter enabled="true" actionCenterNotificationEnabled="0"/>

    StartScreenSize

    Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions.

    -

    Valid values:

    -
      -
    • Small sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx.
      • -
    • Large sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx.
      • -
    -

    If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4.

    -

    Example:

    -
    <StartScreenSize>Large</StartScreenSize>

    Application

    Provide the product ID for each app that will be available on the device.

    -

    You can find the product ID for a locally developed app in the AppManifest.xml file of the app. For the list of product ID and AUMID see [ProductIDs in Windows 10 Mobile](#productid).

    -

    To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface.

    -
    <Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}" aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail"/>
    -modern app notification -

    Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2.

    -

    For the tile location, the first value indicates the column and the second value indicates the row. A value of 0 indicates the first column, a value of 1 indicates the second column, and so on.

    -

    Include autoRun as an attribute to configure the application to run automatically.

    -

    Example:

    -
    <Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}" autoRun="true">
-   <PinToStart>
-      <Size>Large</Size>
-      <Location>
-         <LocationX>0</LocationX>
-         <LocationY>2</LocationY>
-      </Location>
-   </PinToStart>
-</Application>
    -

    Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior.

    -

    To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. For the list of product ID and AUMID, see [ProductIDs in Windows 10 Mobile](#productid). The following example shows how to pin both Outlook mail and Outlook calendar.

    -
    <Apps>
-    <!-- Outlook Calendar -->
-    <Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}" 
-aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.calendar">
-        <PinToStart>
-            <Size>Large</Size>
-            <Location>
-                <LocationX>1</LocationX>
-                <LocationY>4</LocationY>
-            </Location>
-        </PinToStart>
-    </Application>
-    <!-- Outlook Mail-->
-    <Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}" 
-aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail">
-        <PinToStart>
-            <Size>Large</Size>
-            <Location>
-                <LocationX>1</LocationX>
-                <LocationY>6</LocationY>
-            </Location>
-        </PinToStart>
-    </Application>
-</Apps>

    Folder

    A folder should be contained in <Applications/> node among with other <Application/> nodes, it shares most grammar with the Application Node, folderId is mandatory, folderName is optional, which is the folder name displayed on Start. folderId is a unique unsigned integer for each folder.

    -

    For example:

    -
    <Application folderId="4" folderName="foldername">
-    <PinToStart>
-        <Size>Large</Size>
-        <Location>
-            <LocationX>0</LocationX>
-            <LocationY>2</LocationY>
-        </Location>
-    </PinToStart>
-</Application>
    -

    An application that belongs in the folder would add an optional attribute ParentFolderId, which maps to folderId of the folder. In this case, the location of this application will be located inside the folder.

    -
    <Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
-    <PinToStart>
-        <Size>Medium</Size>
-        <Location>
-            <LocationX>0</LocationX>
-            <LocationY>0</LocationY>
-        </Location>
-        <ParentFolderId>2</ParentFolderId>
-    </PinToStart>
-</Application>

    Settings

    Settings pages

    -

    Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file.

    -
    -Important  Do not specify a group entry without a page entry because it will cause an undefined behavior. -
    -
    -  -
    • System (main menu) - SettingsPageGroupPCSystem
        @@ -283,9 +243,14 @@ aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsl
      • Extensibility - SettingsPageExtensibility
    -

    Quick action settings

    -

    Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page).

    -

    Note: Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. This statement does not apply to Windows 10, version 1703.

    + +**Quick action settings** + +Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page). + +> [!Note] +> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. This statement does not apply to Windows 10, version 1703. +

    • SystemSettings_System_Display_QuickAction_Brightness

      Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay

      • @@ -320,277 +285,265 @@ aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsl

    • SystemSettings_QuickAction_Camera

      Dependencies - none

    -

    In this example, all settings pages and quick action settings are allowed. An empty <Settings> node indicates that none of the settings are blocked.

    -
    <Settings>
-</Settings>
    -

    In this example, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.

    -
    <Settings> 
-  <System name="SettingsPageGroupPCSystem" /> 
-  <System name="SettingsPageDisplay" /> 
-  <System name="SettingsPageAppsNotifications" />
-  <System name="SettingsPageCalls" />
-  <System name="SettingsPageMessaging" /> 
-  <System name="SettingsPageBatterySaver" /> 
-  <System name="SettingsPageStorageSenseStorageOverview" />
-  <System name="SettingsPageGroupPCSystemDeviceEncryption" /> 
-  <System name="SettingsPageDrivingMode" /> 
-  <System name="SettingsPagePCSystemInfo" /> 
- </Settings>
    -

    To remove access to all of the settings in the system, the settings application would simply not be listed in the app list for a particular role.

    Buttons

    The following list identifies the hardware buttons on the device that you can lock down in ButtonLockdownList. When a user taps a button that is in the lockdown list, nothing will happen.

    + +In this example, all settings pages and quick action settings are allowed. An empty \ node indicates that none of the settings are blocked. + +``` syntax + + +``` + +In this example, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names. + +``` syntax + + + + + + + + + + + + +``` + +Entry | Description +----------- | ------------ +Buttons | The following list identifies the hardware buttons on the device that you can lock down in ButtonLockdownList. When a user taps a button that is in the lockdown list, nothing will happen. +

    • Start

      -
      -Note   -

      Lock down of the Start button only prevents the press and hold event.

      -
      -
      -  -

    • Back

    • Search

    • Camera

    • Custom1

    • Custom2

      • -

    • Custom3

      -
      -Note   -

      Custom buttons are hardware buttons that can be added to devices by OEMs.

      -
      -
      -  -
      • +

    • Custom3

    -

    Example:

    -
    <Buttons>
-   <ButtonLockdownList>
-      <!-- Lockdown all buttons -->
-         <Button name="Search">
-         </Button>
-         <Button name="Camera">
-         </Button>
-         <Button name="Custom1">
-         </Button>
-         <Button name="Custom2">
-         </Button>
-         <Button name="Custom3">
-         </Button>
-   </ButtonLockdownList>
    -

    The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users.

    -
    -Note   -

    The lockdown settings for a button, per user role, will apply regardless of the button mapping.

    -
    -
    -  -
    -
    -Warning   -

    Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.

    -
    -
    -  -
    -

    To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open.

    -

    Example:

    -
    <ButtonRemapList>
-   <Button name="Search">
-      <ButtonEvent name="Press">
-         <!-- Alarms -->
-         <Application productId="{08179793-ED2E-45EA-BA12-BDE3EE9C3CE3}" parameters="" />
-          </ButtonEvent>
-   </Button>
-</ButtonRemapList>
    -

    Disabling navigation buttons

    -

    To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically "press").

    -

    The following section contains a sample lockdown XML file that shows how to disable navigation buttons.

    -

    Example:

    -
    <?xml version="1.0" encoding="utf-8"?>
-<HandheldLockdown version="1.0" >
-    <Default>
-        <ActionCenter enabled="false" />
-        <Apps>
-            <!-- Settings -->
-            <Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
-                <PinToStart>
-                    <Size>Large</Size>
-                    <Location>
-                        <LocationX>0</LocationX>
-                        <LocationY>0</LocationY>
-                    </Location>
-                </PinToStart>
-            </Application>
 
-            <!-- Phone Apps -->
-            <Application productId="{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}">
-                <PinToStart>
-                    <Size>Small</Size>
-                    <Location>
-                        <LocationX>2</LocationX>
-                        <LocationY>2</LocationY>
-                    </Location>
-                </PinToStart>
-            </Application>
-        </Apps>
-        <Buttons>
-            <ButtonLockdownList>
-                <Button name="Start">
-                    <ButtonEvent name="Press" />
-                </Button>
-                <Button name="Back">
-                    <ButtonEvent name="Press" />
-                    <ButtonEvent name="PressAndHold" />
-                </Button>
-                <Button name="Search">
-                    <ButtonEvent name="All" />
-                </Button>
-                <Button name="Camera">
-                    <ButtonEvent name="Press" />
-                    <ButtonEvent name="PressAndHold" />
-                </Button>
-                <Button name="Custom1">
-                    <ButtonEvent name="Press" />
-                    <ButtonEvent name="PressAndHold" />
-                </Button>
-                <Button name="Custom2">
-                    <ButtonEvent name="Press" />
-                    <ButtonEvent name="PressAndHold" />
-                </Button>
-                <Button name="Custom3">
-                    <ButtonEvent name="Press" />
-                    <ButtonEvent name="PressAndHold" />
-                </Button>
-            </ButtonLockdownList>
-            <ButtonRemapList />
-        </Buttons>
-        <MenuItems>
-            <DisableMenuItems/>
-        </MenuItems>
-        <Settings>
-        </Settings>
-        <Tiles>
-            <EnableTileManipulation/>
-        </Tiles>
-        <StartScreenSize>Small</StartScreenSize>
-    </Default>
-</HandheldLockdown>

    MenuItems

    Use DisableMenuItems to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create.

    -

    Example:

    -
    <MenuItems>
-   <DisableMenuItems/>
-</MenuItems>
    -
    -Important   -

    If DisableMenuItems is not included in a profile, users of that profile can uninstall apps.

    -
    -
    -  -

    Tiles

    Turning-on tile manipulation

    -

    By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile.

    -

    If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile.

    -
    -Important   -

    If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile.

    -
    -
    -  -
    -

    The following sample file contains configuration for enabling tile manipulation.

    -
    -Note   -

    Tile manipulation is disabled when you don’t have a <Tiles> node in lockdown XML, or if you have a <Tiles> node but don’t have the <EnableTileManipulation/> node.

    -
    -
    -  -
    -

    Example:

    -
    <?xml version="1.0" encoding="utf-8"?>
-<HandheldLockdown version="1.0" >
-    <Default>
-        <ActionCenter enabled="false" />
-        <Apps>
-            <!-- Settings -->
-            <Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
-                <PinToStart>
-                    <Size>Large</Size>
-                    <Location>
-                        <LocationX>0</LocationX>
-                        <LocationY>0</LocationY>
-                    </Location>
-                </PinToStart>
-            </Application>
+> [!Note]  
+> Lock down of the Start button only prevents the press and hold event.  
+>
+> Custom buttons are hardware buttons that can be added to devices by OEMs.
 
-            <!-- Phone Apps -->
-            <Application productId="{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}">
-                <PinToStart>
-                    <Size>Small</Size>
-                    <Location>
-                        <LocationX>2</LocationX>
-                        <LocationY>2</LocationY>
-                    </Location>
-                </PinToStart>
-            </Application>
-        </Apps>
-        <Buttons>
-            <ButtonLockdownList>
-                <Button name="Start">
-                    <ButtonEvent name="Press" />
-                </Button>
-                <Button name="Back">
-                    <ButtonEvent name="Press" />
-                    <ButtonEvent name="PressAndHold" />
-                </Button>
-                <Button name="Search">
-                    <ButtonEvent name="All" />
-                </Button>
-                <Button name="Camera">
-                    <ButtonEvent name="Press" />
-                    <ButtonEvent name="PressAndHold" />
-                </Button>
-                <Button name="Custom1">
-                    <ButtonEvent name="Press" />
-                    <ButtonEvent name="PressAndHold" />
-                </Button>
-                <Button name="Custom2">
-                    <ButtonEvent name="Press" />
-                    <ButtonEvent name="PressAndHold" />
-                </Button>
-                <Button name="Custom3">
-                    <ButtonEvent name="Press" />
-                    <ButtonEvent name="PressAndHold" />
-                </Button>
-            </ButtonLockdownList>
-            <ButtonRemapList />
-        </Buttons>
-        <MenuItems>
-            <DisableMenuItems/>
-        </MenuItems>
-        <Settings>
-        </Settings>
-        <Tiles>
-            <EnableTileManipulation/>
-        </Tiles>
-        <StartScreenSize>Small</StartScreenSize>
-    </Default>
-</HandheldLockdown>

    CSP Runner

    Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role.

    +Buttons example: +``` syntax + + + + + + + + + +``` +The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users. +> [!Note] +> The lockdown settings for a button, per user role, will apply regardless of the button mapping. +> +> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role. + +To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open. + +``` syntax + + + +``` +**Disabling navigation buttons** +To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically "press"). + +The following section contains a sample lockdown XML file that shows how to disable navigation buttons. + +``` syntax + + + + + + + + + Large + + 0 + 0 + + + + + + + + Small + + 2 + 2 + + + + + + + + + + + + + + + + + + + + + + + + + Small + + +``` + +Entry | Description +----------- | ------------ +MenuItems | Use **DisableMenuItems** to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create. + +> [!Important] +> If **DisableMenuItems** is not included in a profile, users of that profile can uninstall apps. + +MenuItems example: + +``` syntax + + + +``` + +Entry | Description +----------- | ------------ +Tiles | **Turning-on tile manipulation** - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile. + +> [!Important] +> If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile. + +The following sample file contains configuration for enabling tile manipulation. + +> [!Note] +> Tile manipulation is disabled when you don’t have a `` node in lockdown XML, or if you have a `` node but don’t have the `` node. + +``` syntax + + + + + + + + + Large + + 0 + 0 + + + + + + + + Small + + 2 + 2 + + + + + + + + + + + + + + + + + + + + + + + + + Small + + +``` + +Entry | Description +----------- | ------------ +CSP Runner | Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role.   **LockscreenWallpaper/** @@ -739,6 +692,8 @@ Not supported in Windows 10. Use doWipePersistProvisionedData in [RemoteWipe CS **Clock/TimeZone/** An integer that specifies the time zone of the device. The following table shows the possible values. +Supported operations are Get and Replace. + @@ -1166,9 +1121,6 @@ An integer that specifies the time zone of the device. The following table shows
    -  - -Supported operations are Get and Replace. **Locale/Language/** The culture code that identifies the language to display on a device, and specifies the formatting of numbers, currencies, time, and dates. For language values, see [Locale IDs Assigned by Microsoft](http://go.microsoft.com/fwlink/p/?LinkID=189567). @@ -1177,8 +1129,6 @@ The language setting is configured in the Default User profile only. > **Note**  Apply the Locale ID only after the corresponding language packs are built into and supported for the OS image running on the device. The specified language will be applied as the phone language and a restart may be required. -  - Supported operations are Get and Replace. ## OMA client provisioning examples diff --git a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md index e3be505417..f98ed740fe 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md @@ -1,19 +1,14 @@ --- title: EnterpriseAssignedAccess DDF description: EnterpriseAssignedAccess DDF -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 8BD6FB05-E643-4695-99A2-633995884B37 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseAssignedAccess DDF diff --git a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md index a392f31ff1..6d19a5aedd 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md @@ -1,19 +1,14 @@ --- title: EnterpriseAssignedAccess XSD description: EnterpriseAssignedAccess XSD -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: BB3B633E-E361-4B95-9D4A-CE6E08D67ADA -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseAssignedAccess XSD diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index 952f1adf5b..d75ed17826 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md @@ -1,19 +1,14 @@ --- title: EnterpriseDataProtection CSP description: The EnterpriseDataProtection configuration service provider (CSP) is used to configure Windows Information Protection (WIP) (formerly known as Enterprise Data Protection) specific settings. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseDataProtection CSP The EnterpriseDataProtection configuration service provider (CSP) is used to configure Windows Information Protection (WIP) (formerly known as Enterprise Data Protection) specific settings. For more information about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](https://technet.microsoft.com/itpro/windows/keep-secure/protect-enterprise-data-using-wip). diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md index 82b2e74992..a7914046b2 100644 --- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md +++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md @@ -1,19 +1,14 @@ --- title: EnterpriseDataProtection DDF file description: The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: C6427C52-76F9-4EE0-98F9-DE278529D459 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseDataProtection DDF file The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider. diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md index 280224890a..bc056caa35 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md @@ -1,19 +1,14 @@ --- title: EnterpriseDesktopAppManagement CSP description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseDesktopAppManagement CSP @@ -56,903 +51,92 @@ Executes the download and installation of the application. Value type is string. Status of the application. Value type is string. Supported operation is Get. | Status | Value | -|--- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- -| +|---------------------------|-------| +| Initialized | 10 | +| Download In Progress | 20 | +| Pending Download Retry | 25 | +| Download Failed | 30 | +| Download Completed | 40 | +| Pending User Session | 48 | +| Enforcement In Progress | 50 | +| Pending Enforcement Retry | 55 | +| Enforcement Failed | 60 | +| Enforcement Completed | 70 | + +  + +**MSI/*ProductID*/LastError** +The last error code during the application installation process. This is typically stored as an HRESULT format. Depending on what was occurring when the error happened, this could be the result of executing MSIExec.exe or the error result from an API that failed. + +Value type is string. Supported operation is Get. + +**MSI/*ProductID*/LastErrorDesc** +Contains the last error code description. The LastErrorDesc value is looked up for the matching LastError value. Sometimes there is no LastErrorDesc returned. + +Value type is string. Supported operation is Get. + +**MSI/UpgradeCode** +Added in the March service release of Windows 10, version 1607. + +**MSI/UpgradeCode/_Guid_** +Added in the March service release of Windows 10, version 1607. A gateway (or device management server) uses this method to detect matching upgrade MSI product when a Admin wants to update an existing MSI app. If the same upgrade product is installed, then the update is allowed. + +Value type is string. Supported operation is Get. + + +## Examples + + +**SyncML to request CSP version information** + +``` syntax + + + + 12345 + + + ./Device/Vendor/MSFT/EnterpriseDesktopAppManagement?prop=Type + + + + + + +``` + +The following table describes the fields in the previous sample: + +| Name | Description | +|--------|-------------------------------------------------------------------------------------------------------------------------------| +| Get | Operation being performed. The Get operation is a request to return information. | +| CmdID | Input value used to reference the request. Responses will include this value which can be used to match request and response. | +| LocURI | Path to Win32 CSP command processor. | + +  + +**SyncML to perform MSI operations for application uninstall** + +``` syntax + + + + 12345 + + + ./Device/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/%7B1803A630-3C38-4D2B-9B9A-0CB37243539C%7D + + + + + + +``` + +The following table describes the fields in the previous sample: + +| Name | Description | +|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Delete | Operation being performed. The Delete operation is a request to delete the CSP node that represents the specified MSI installed application and to perform and uninstall of the application as part of the process. | | CmdID | Input value used to reference the request. Responses will include this value which can be used to match request and response. | | LocURI | Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting. | @@ -980,385 +164,7 @@ author: nibr The following table describes the fields in the previous sample: | Name | Description | -|--- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---|--- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement CSP -description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- -| +|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------| | Get | Operation being performed. The Get operation is a request to report the status of the specified MSI installed application. | | CmdID | Input value used to reference the request. Responses will include this value which can be used to match request and response. | | LocURI | Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting. | diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md index e8910f1b27..5bd96246ec 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md @@ -1,19 +1,14 @@ --- title: EnterpriseDesktopAppManagement DDF description: This topic shows the OMA DM device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: EF448602-65AC-4D59-A0E8-779876542FE3 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseDesktopAppManagement DDF diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md index 6f35447f5e..d5e415b890 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md @@ -1,19 +1,14 @@ --- title: EnterpriseDesktopAppManagement XSD description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseDesktopAppManagement XSD @@ -80,455 +75,7 @@ The following table describes the various elements and attributes of the XSD fil   | Name | Description | -|--- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: EnterpriseDesktopAppManagement XSD -description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ----| +|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | MsiInstallJob | Root element | | id | The application identifier for the application being installed. | | Product | Child element of MsiInstallJob | diff --git a/windows/client-management/mdm/enterpriseext-csp.md b/windows/client-management/mdm/enterpriseext-csp.md index 6f2f3601b5..2bb98165d4 100644 --- a/windows/client-management/mdm/enterpriseext-csp.md +++ b/windows/client-management/mdm/enterpriseext-csp.md @@ -1,19 +1,14 @@ --- title: EnterpriseExt CSP description: EnterpriseExt CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: ACA5CD79-BBD5-4DD1-86DA-0285B93982BD -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseExt CSP diff --git a/windows/client-management/mdm/enterpriseext-ddf.md b/windows/client-management/mdm/enterpriseext-ddf.md index 00d7cae2af..06bc4c0198 100644 --- a/windows/client-management/mdm/enterpriseext-ddf.md +++ b/windows/client-management/mdm/enterpriseext-ddf.md @@ -1,19 +1,14 @@ --- title: EnterpriseExt DDF description: EnterpriseExt DDF -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 71BF81D4-FBEC-4B03-BF99-F7A5EDD4F91B -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseExt DDF diff --git a/windows/client-management/mdm/enterpriseextfilessystem-csp.md b/windows/client-management/mdm/enterpriseextfilessystem-csp.md index f26af6f373..f6b332a182 100644 --- a/windows/client-management/mdm/enterpriseextfilessystem-csp.md +++ b/windows/client-management/mdm/enterpriseextfilessystem-csp.md @@ -1,19 +1,14 @@ --- title: EnterpriseExtFileSystem CSP description: EnterpriseExtFileSystem CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: F773AD72-A800-481A-A9E2-899BA56F4426 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseExtFileSystem CSP diff --git a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md index 8c9b96880a..dc371ba33a 100644 --- a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md +++ b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md @@ -1,19 +1,14 @@ --- title: EnterpriseExtFileSystem DDF description: EnterpriseExtFileSystem DDF -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 2D292E4B-15EE-4AEB-8884-6FEE8B92D2D1 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseExtFileSystem DDF diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index c4d3735bbc..23fea75c17 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -1,19 +1,14 @@ --- title: EnterpriseModernAppManagement CSP description: EnterpriseModernAppManagement CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 9DD0741A-A229-41A0-A85A-93E185207C42 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseModernAppManagement CSP The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md). @@ -181,21 +176,35 @@ The following image shows the EnterpriseModernAppManagement configuration servic

    Supported operations are Get and Delete. -**.../*PackageFamilyName*/****_PackageFullName_** +**.../****_PackageFamilyName_** +

    Optional. Package family name (PFN) of the app. There is one for each PFN on the device when reporting inventory. These items are rooted under their signing origin. + +

    Supported operations are Get and Delete. + +> [!Note] +> XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. + + +

    Here's an example for uninstalling an app: + +``` syntax + + + + + 2 + + + ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/%7b12345678-9012-3456-7890-123456789012%7D + + + + + + +``` + +**.../*PackageFamilyName*/****_PackageFullName_**

    Optional. Full name of the package installed.

    Supported operations are Get and Delete. @@ -204,40 +213,22 @@ author: nibr > XAP files use a product ID in place of PackageFullName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.   -**.../*PackageFamilyName*/*PackageFullName*/Version** +**.../*PackageFamilyName*/*PackageFullName*/Name** +

    Required. Name of the app. Value type is string. + +

    Supported operation is Get. + +**.../*PackageFamilyName*/*PackageFullName*/Version**

    Required. Version of the app. Value type is string.

    Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/Architecture** +**.../*PackageFamilyName*/*PackageFullName*/Publisher** +

    Required. Publisher name of the app. Value type is string. + +

    Supported operation is Get. + +**.../*PackageFamilyName*/*PackageFullName*/Architecture**

    Required. Architecture of installed package. Value type is string. > [!Note] @@ -247,21 +238,17 @@ author: nibr

    Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/IsFramework** +**.../*PackageFamilyName*/*PackageFullName*/InstallLocation** +

    Required. Install location of the app on the device. Value type is string. + +> [!Note] +> Not applicable to XAP files. + +  + +

    Supported operation is Get. + +**.../*PackageFamilyName*/*PackageFullName*/IsFramework**

    Required. Whether or not the app is a framework package. Value type is int. The value is 1 if the app is a framework package and 0 (zero) for all other cases. > [!Note] @@ -270,40 +257,26 @@ author: nibr  

    Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/InstallDate** +**.../*PackageFamilyName*/*PackageFullName*/IsBundle** +

    Required. The value is 1 if the package is an app bundle and 0 (zero) for all other cases. Value type is int. + +

    Supported operation is Get. + +**.../*PackageFamilyName*/*PackageFullName*/InstallDate**

    Required. Date the app was installed. Value type is string.

    Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/PackageStatus** +**.../*PackageFamilyName*/*PackageFullName*/ResourceID** +

    Required. Resource ID of the app. This is null for the main app, ~ for a bundle, and contains resource information for resources packages. Value type is string. + +> [!Note] +> Not applicable to XAP files. + +  +

    Supported operation is Get. + +**.../*PackageFamilyName*/*PackageFullName*/PackageStatus**

    Required. Provides information about the status of the package. Value type is int. Valid values are: - OK (0) - The package is usable. @@ -319,87 +292,34 @@ author: nibr

    Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/Users** +**.../*PackageFamilyName*/*PackageFullName*/RequiresReinstall** +

    Required. Specifies whether the package state has changed and requires a reinstallation of the app. This can occur when new app resources are required, such as when a device has a change in language preference or a new DPI. It can also occur of the package was corrupted. If the value is 1, reinstallation of the app is performed. Value type is int. + +> [!Note] +> Not applicable to XAP files. + +  +

    Supported operation is Get. + +**.../*PackageFamilyName*/*PackageFullName*/Users**

    Required. Registered users of the app. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string.

    Supported operation is Get. -**.../*PackageFamilyName*/DoNotUpdate** +**.../*PackageFamilyName*/*PackageFullName*/IsProvisioned** +

    Required. The value is 0 or 1 that indicates if the app is provisioned on the device. The value type is int. + +

    Supported operation is Get. + +**.../*PackageFamilyName*/DoNotUpdate**

    Required. Specifies whether you want to block a specific app from being updated via auto-updates.

    Supported operations are Add, Get, Delete, and Replace. -**.../*PackageFamilyName*/AppSettingPolicy/****_SettingValue_** (only for ./User/Vendor/MSFT) +**.../*PackageFamilyName*/AppSettingPolicy** (only for ./User/Vendor/MSFT) +

    Added in Windows 10, version 1511. Interior node for all managed app setting values. This node is only supported in the user context. + +**.../*PackageFamilyName*/AppSettingPolicy/****_SettingValue_** (only for ./User/Vendor/MSFT)

    Added in Windows 10, version 1511. The *SettingValue* and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed.App.Settings container.

    This setting only works for apps that support the feature and it is only supported in the user context. diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md index f9fc49875e..4da9c4b384 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md @@ -1,19 +1,14 @@ --- title: EnterpriseModernAppManagement DDF description: EnterpriseModernAppManagement DDF -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseModernAppManagement DDF This topic shows the OMA DM device description framework (DDF) for the **EnterpriseModernAppManagement** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md index 8ab16e33a8..74d0c2cb31 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md @@ -1,19 +1,14 @@ --- title: EnterpriseModernAppManagement XSD description: Here is the XSD for the application parameters. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: D393D094-25E5-4E66-A60F-B59CC312BF57 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # EnterpriseModernAppManagement XSD diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index 40c43cf019..4855aaefd7 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -1,19 +1,14 @@ --- title: Federated authentication device enrollment description: This section provides an example of the mobile device enrollment protocol using federated authentication policy. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 049ECA6E-1AF5-4CB2-8F1C-A5F22D722DAA -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Federated authentication device enrollment diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md index d98c7d1234..7b22236bf3 100644 --- a/windows/client-management/mdm/filesystem-csp.md +++ b/windows/client-management/mdm/filesystem-csp.md @@ -1,19 +1,14 @@ --- title: FileSystem CSP description: FileSystem CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 9117ee16-ca7a-4efa-9270-c9ac8547e541 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # FileSystem CSP diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md new file mode 100644 index 0000000000..e621f09ad8 --- /dev/null +++ b/windows/client-management/mdm/firewall-csp.md @@ -0,0 +1,282 @@ +--- +title: Firewall CSP +description: Firewall CSP +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nickbrower +--- + +# Firewall CSP + +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, as well as the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP is new in the next major update to Windows 10. + +Firewall configuration commands must be wrapped in an Atomic block in SyncML. + +For detailed information on some of the fields below see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](https://msdn.microsoft.com/en-us/library/mt620101.aspx). + +The following diagram shows the Firewall configuration service provider in tree format. + +![firewall csp](images/provisioning-csp-firewall.png) + +**./Vendor/MSFT/Firewall** +

    Root node for the Firewall configuration service provider.

    + +**MdmStore** +

    Interior node.

    +

    Supported operation is Get.

    + +**MdmStore/Global** +

    Interior node.

    +

    Supported operations are Get and Replace.

    + +**MdmStore/Global/PolicyVersionSupported** +

    DWORD value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value is not merged and is always a fixed value for a particular firewall and advanced security components software build.

    +

    Value type in integer. Supported operation is Get.

    + +**MdmStore/Global/CurrentProfiles** +

    DWORD value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it is not merged and has no merge law.

    +

    Value type in integer. Supported operation is Get.

    + +**MdmStore/Global/DisableStatefulFtp** +

    This value is an on/off switch. If off, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. The value is a DWORD; 0x00000000 means off; 0x00000001 means on. The merge law for this option is to let "on" values win.

    +

    Boolean value. Supported operations are Get and Replace.

    + +**MdmStore/Global/SaIdleTime** +

    This value configures the security association idle time, in seconds. Security associations are deleted after network traffic is not seen for this specified period of time. The value is a DWORD and MUST be a value in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value.<

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**MdmStore/Global/TPresharedKeyEncodingBD** +

    Specifies the preshared key encoding that is used. The value is a DWORD and MUST be a valid value from the PRESHARED_KEY_ENCODING_VALUES enumeration. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**MdmStore/Global/IPsecExempt** +

    This configuration value configures IPsec exceptions. The value is a DWORD and MUST be a combination of the valid flags that are defined in IPSEC_EXEMPT_VALUES; therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**MdmStore/Global/CRLcheck** +

    This value specifies how certificate revocation list (CRL) verification is enforced. The value is a DWORD and MUST be 0, 1, or 2. A value of 0 disables CRL checking. A value of 1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail. A value of 2 means that checking is required and that certificate validation fails if any error is encountered during CRL processing. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**MdmStore/Global/PolicyVersion** +

    This value contains the policy version of the policy store being managed. This value is not merged and therefore, has no merge law.

    +

    Value type is string. Supported operation is Get.

    + +**MdmStore/Global/BinaryVersionSupported** +

    This value contains the binary version of the structures and data types that are supported by the server. This value is not merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201.

    +

    Value type is string. Supported operation is Get.

    + +**MdmStore/Global/OpportunisticallyMatchAuthSetPerKM** +

    This value is a DWORD used as an on/off switch. When this option is off, keying modules MUST ignore the entire authentication set if they do not support all of the authentication suites specified in the set. When this option is on, keying modules MUST ignore only the authentication suites that they don’t support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.

    +

    Boolean value. Supported operations are Get and Replace.

    + +**MdmStore/Global/EnablePacketQueue** +

    This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is a DWORD and is a combination of flags. A value of 0x00 indicates that all queuing is to be disabled. A value of 0x01 specifies that inbound encrypted packets are to be queued. A value of 0x02 specifies that packets are to be queued after decryption is performed for forwarding.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**MdmStore/DomainProfile** +

    Interior node. Supported operation is Get.

    + +**MdmStore/PrivateProfile** +

    Interior node. Supported operation is Get.

    + +**MdmStore/PublicProfile** +

    Interior node. Supported operation is Get.

    + +**/EnableFirewall** +

    This value is an on/off switch for the firewall and advanced security enforcement. It is a DWORD type value; 0x00000000 is off; 0x00000001 is on. If this value is off, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**/DisableStealthMode** +

    This value is a DWORD used as an on/off switch. When this option is off, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**/Shielded** +

    This value is a DWORD used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**/DisableUnicastResponsesToMulticastBroadcast** +

    This value is a DWORD used as an on/off switch. If it is on, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**/DisableInboundNotifications** +

    This value is a DWORD used as an on/off switch. If this value is off, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**/AuthAppsAllowUserPrefMerge** +

    This value is a DWORD used as an on/off switch. If this value is off, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**/GlobalPortsAllowUserPrefMerge** +

    This value is a DWORD used as an on/off switch. If this value is off, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**/AllowLocalPolicyMerge** +

    This value is a DWORD used as an on/off switch. If this value is off, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**/AllowLocalIpsecPolicyMerge** +

    This value is a DWORD; it is an on/off switch. If this value is off, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**/DefaultOutboundAction** +

    This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**/DefaultInboundAction** +

    This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**/DisableStealthModeIpsecSecuredPacketExemption** +

    This value is a DWORD used as an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is on, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.

    +

    Value type is integer. Supported operations are Get and Replace.

    + +**FirewallRules** +

    A list of rules controlling traffic through the Windows Firewall. Each Rule ID is OR'ed. Within each rule ID each Filter type is AND'ed.

    + +**FirewallRules/_FirewallRuleName_** +

    Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/).

    + +**FirewallRules/_FirewallRuleName_/App** +

    Rules that control connections for an app, program, or service. Specified based on the intersection of the following nodes:

    +
      +
    • PackageFamilyName
      • +
    • FilePath
      • +
    • FQBN
      • +
    • ServiceName
      • +
    +

    Supported operation is Get.

    + +**FirewallRules/_FirewallRuleName_/App/PackageFamilyName** +

    This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Windows Store application.

    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/App/FilePath** +

    This App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe.

    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/App/Fqbn** +

    Fully Qualified Binary Name

    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/App/ServiceName** +

    This is a service name used in cases when a service, not an application, is sending or receiving traffic.

    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/Protocol** +

    0-255 number representing the ip protocol (TCP = 6, UDP = 17)

    +

    Value type is integer. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/LocalPortRanges** +

    Comma separated list of ranges. For example, 100-120,200,300-320.

    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/RemotePortRanges** +

    Comma separated list of ranges, For example, 100-120,200,300-320.

    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/LocalAddressRanges** +

    Comma separated list of local addresses covered by the rule. The default value is "\*". Valid tokens include:

    +
      +
    • "\*" indicates any local address. If present, this must be the only token included.
      • +
    • A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.
      • +
    • A valid IPv6 address.
      • +
    • An IPv4 address range in the format of "start address - end address" with no spaces included.
      • +
    • An IPv6 address range in the format of "start address - end address" with no spaces included.
      • +
    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/RemoteAddressRanges** +

    List of comma separated tokens specifying the remote addresses covered by the rule. The default value is "\*". Valid tokens include:

    +
      +
    • "\*" indicates any remote address. If present, this must be the only token included.
      • +
    • "Defaultgateway"
      • +
    • "DHCP"
      • +
    • "DNS"
      • +
    • "WINS"
      • +
    • "Intranet"
      • +
    • "RemoteCorpNetwork"
      • +
    • "Internet"
      • +
    • "PlayToRenderers"
      • +
    • "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive.
      • +
    • A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.
      • +
    • A valid IPv6 address.
      • +
    • An IPv4 address range in the format of "start address - end address" with no spaces included.
      • +
    • An IPv6 address range in the format of "start address - end address" with no spaces included.
      • +
    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/Description** +

    Specifies the description of the rule.

    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/Enabled** +

    Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. +If not specified - a new rule is disabled by default.

    +

    Boolean value. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules_FirewallRuleName_/Profiles** +

    Specifies the profiles to which the rule belongs: Domain, Private, Public. . See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types.

    + +

    Value type is integer. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/Action** +

    Specifies the action for the rule.

    +

    Supported operation is Get.

    + +**FirewallRules/_FirewallRuleName_/Action/Type** +

    Specifies the action the rule enforces. Supported values:

    +
      +
    • 0 - Block
      • +
    • 1 - Allow
      • +
    +

    Value type is integer. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/Direction** +

    Comma separated list. The rule is enabled based on the traffic direction as following. Supported values:

    +
      +
    • IN - the rule applies to inbound traffic.
      • +
    • OUT - the rule applies to outbound traffic.
      • +
    • If not specified, the default is IN.
      • +
    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/FirewallRuleName/InterfaceTypes** +

    Comma separated list of interface types. Valid values:

    +
      +
    • RemoteAccess
      • +
    • Wireless
      • +
    • MobileBroadband
      • +
    • All
      • +
    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/IcmpTypesAndCodes** +

    List of ICMP types and codes separated by semicolon. "\*" indicates all ICMP types and codes.<

    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/EdgeTraversal** +

    Indicates whether edge traversal is enabled or disabled for this rule.

    +

    The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address.

    +

    New rules have the EdgeTraversal property disabled by default.

    +

    Boolean value. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/LocalUserAuthorizedList** +

    Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format.

    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/Status** +

    Provides information about the specific verrsion of the rule in deployment for monitoring purposes.

    +

    Value type is string. Supported operation is Get.

    + +**FirewallRules/_FirewallRuleName_/FriendlyName** +

    Specifies the friendly name of the rule. The string must not contain the "|" character.

    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    + +**FirewallRules/_FirewallRuleName_/Name** +

    Name of the rule.

    +

    Value type is string. Supported operations are Add, Get, Replace, and Delete.

    diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md new file mode 100644 index 0000000000..ced7194e3a --- /dev/null +++ b/windows/client-management/mdm/firewall-ddf-file.md @@ -0,0 +1,1815 @@ +--- +title: Firewall DDF file +description: Firewall DDF file +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nickbrower +--- + +# Firewall CSP + +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +This topic shows the OMA DM device description framework (DDF) for the **Firewall** configuration service provider. DDF files are used only with OMA DM provisioning XML. + +``` syntax + +]> + + 1.2 + + Firewall + ./Vendor/MSFT + + + + + + + + + + + + + + + + + + + MdmStore + + + + + + + + + + + + + + + + + + + Global + + + + + + + + + + + + + + + + + + + + PolicyVersionSupported + + + + + This value is a DWORD containing the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value is not merged and is always a fixed value for a particular firewall and advanced security components software build. + + + + + + + + + + + text/plain + + + + + CurrentProfiles + + + + + This value is a DWORD and contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it is not merged and has no merge law. + + + + + + + + + + + text/plain + + + + + DisableStatefulFtp + + + + + + This value is an on/off switch. If off, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. The value is a DWORD; 0x00000000 means off; 0x00000001 means on. The merge law for this option is to let "on" values win. + + + + + + + + + + + text/plain + + + + + SaIdleTime + + + + + + This value configures the security association idle time, in seconds. Security associations are deleted after network traffic is not seen for this specified period of time. The value is a DWORD and MUST be a value in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. + + + + + + + + + + + text/plain + + + + + PresharedKeyEncoding + + + + + + This configuration value specifies the preshared key encoding that is used. The value is a DWORD and MUST be a valid value from the PRESHARED_KEY_ENCODING_VALUES enumeration. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. + + + + + + + + + + + text/plain + + + + + IPsecExempt + + + + + + This configuration value configures IPsec exceptions. The value is a DWORD and MUST be a combination of the valid flags that are defined in IPSEC_EXEMPT_VALUES; therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. + + + + + + + + + + + text/plain + + + + + CRLcheck + + + + + + This value specifies how certificate revocation list (CRL) verification is enforced. The value is a DWORD and MUST be 0, 1, or 2. A value of 0 disables CRL checking. A value of 1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail. A value of 2 means that checking is required and that certificate validation fails if any error is encountered during CRL processing. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. + + + + + + + + + + + text/plain + + + + + PolicyVersion + + + + + This value contains the policy version of the policy store being managed. This value is not merged and therefore, has no merge law. + + + + + + + + + + + text/plain + + + + + BinaryVersionSupported + + + + + This value contains the binary version of the structures and data types that are supported by the server. This value is not merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201. + + + + + + + + + + + text/plain + + + + + OpportunisticallyMatchAuthSetPerKM + + + + + + This value is a DWORD used as an on/off switch. When this option is off, keying modules MUST ignore the entire authentication set if they do not support all of the authentication suites specified in the set. When this option is on, keying modules MUST ignore only the authentication suites that they do not support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + + + + + + + + + + + text/plain + + + + + EnablePacketQueue + + + + + + This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is a DWORD and is a combination of flags. A value of 0x00 indicates that all queuing is to be disabled. A value of 0x01 specifies that inbound encrypted packets are to be queued. A value of 0x02 specifies that packets are to be queued after decryption is performed for forwarding. + + + + + + + + + + + text/plain + + + + + + DomainProfile + + + + + + + + + + + + + + + + + + + EnableFirewall + + + + + + This value is an on/off switch for the firewall and advanced security enforcement. It is a DWORD type value; 0x00000000 is off; 0x00000001 is on. If this value is off, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DisableStealthMode + + + + + + This value is a DWORD used as an on/off switch. When this option is off, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + Shielded + + + + + + This value is a DWORD used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. + + + + + + + + + + + text/plain + + + + + DisableUnicastResponsesToMulticastBroadcast + + + + + + This value is a DWORD used as an on/off switch. If it is on, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DisableInboundNotifications + + + + + + This value is a DWORD used as an on/off switch. If this value is off, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + AuthAppsAllowUserPrefMerge + + + + + + This value is a DWORD used as an on/off switch. If this value is off, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + GlobalPortsAllowUserPrefMerge + + + + + + This value is a DWORD used as an on/off switch. If this value is off, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + AllowLocalPolicyMerge + + + + + + This value is a DWORD used as an on/off switch. If this value is off, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. + + + + + + + + + + + text/plain + + + + + AllowLocalIpsecPolicyMerge + + + + + + This value is a DWORD; it is an on/off switch. If this value is off, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. + + + + + + + + + + + text/plain + + + + + DefaultOutboundAction + + + + + + This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DefaultInboundAction + + + + + + This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DisableStealthModeIpsecSecuredPacketExemption + + + + + + This value is a DWORD used as an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is on, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + + + + + + + + + + + text/plain + + + + + + PrivateProfile + + + + + + + + + + + + + + + + + + + EnableFirewall + + + + + + This value is an on/off switch for the firewall and advanced security enforcement. It is a DWORD type value; 0x00000000 is off; 0x00000001 is on. If this value is off, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DisableStealthMode + + + + + + This value is a DWORD used as an on/off switch. When this option is off, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + Shielded + + + + + + This value is a DWORD used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. + + + + + + + + + + + text/plain + + + + + DisableUnicastResponsesToMulticastBroadcast + + + + + + This value is a DWORD used as an on/off switch. If it is on, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DisableInboundNotifications + + + + + + This value is a DWORD used as an on/off switch. If this value is off, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + AuthAppsAllowUserPrefMerge + + + + + + This value is a DWORD used as an on/off switch. If this value is off, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + GlobalPortsAllowUserPrefMerge + + + + + + This value is a DWORD used as an on/off switch. If this value is off, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + AllowLocalPolicyMerge + + + + + + This value is a DWORD used as an on/off switch. If this value is off, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. + + + + + + + + + + + text/plain + + + + + AllowLocalIpsecPolicyMerge + + + + + + This value is a DWORD; it is an on/off switch. If this value is off, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. + + + + + + + + + + + text/plain + + + + + DefaultOutboundAction + + + + + + This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DefaultInboundAction + + + + + + This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DisableStealthModeIpsecSecuredPacketExemption + + + + + + This value is a DWORD used as an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is on, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + + + + + + + + + + + text/plain + + + + + + PublicProfile + + + + + + + + + + + + + + + + + + + EnableFirewall + + + + + + This value is an on/off switch for the firewall and advanced security enforcement. It is a DWORD type value; 0x00000000 is off; 0x00000001 is on. If this value is off, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DisableStealthMode + + + + + + This value is a DWORD used as an on/off switch. When this option is off, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + Shielded + + + + + + This value is a DWORD used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. + + + + + + + + + + + text/plain + + + + + DisableUnicastResponsesToMulticastBroadcast + + + + + + This value is a DWORD used as an on/off switch. If it is on, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DisableInboundNotifications + + + + + + This value is a DWORD used as an on/off switch. If this value is off, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + AuthAppsAllowUserPrefMerge + + + + + + This value is a DWORD used as an on/off switch. If this value is off, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + GlobalPortsAllowUserPrefMerge + + + + + + This value is a DWORD used as an on/off switch. If this value is off, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + AllowLocalPolicyMerge + + + + + + This value is a DWORD used as an on/off switch. If this value is off, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. + + + + + + + + + + + text/plain + + + + + AllowLocalIpsecPolicyMerge + + + + + + This value is a DWORD; it is an on/off switch. If this value is off, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. + + + + + + + + + + + text/plain + + + + + DefaultOutboundAction + + + + + + This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DefaultInboundAction + + + + + + This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + text/plain + + + + + DisableStealthModeIpsecSecuredPacketExemption + + + + + + This value is a DWORD used as an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is on, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + + + + + + + + + + + text/plain + + + + + + FirewallRules + + + + + A list of rules controlling traffic through the Windows Firewall. Each Rule ID is ORed. Within each rule ID each Filter type is AND'ed. + + + + + + + + + + + + + + + + + + + + + + Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/). + + + + + + + + + + FirewallRuleName + + + + + + App + + + + + Rules that control connections for an app, program or service. + +Specified based on the intersection of the following nodes. + +PackageFamilyName +FilePath +FQBN +ServiceName + + + + + + + + + + + + + + + PackageFamilyName + + + + + + + + PackageFamilyName - This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Windows Store application. + + + + + + + + + + + text/plain + + + + + FilePath + + + + + + + + FilePath - This App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe. + + + + + + + + + + + text/plain + + + + + Fqbn + + + + + + + + Fully Qualified Binary Name + + + + + + + + + + + text/plain + + + + + ServiceName + + + + + + + + This is a service name, and is used in cases when a service, not an application, must be sending or receiving traffic. + + + + + + + + + + + text/plain + + + + + + Protocol + + + + + + + + 0-255 number representing the ip protocol (TCP = 6, UDP = 17) + + + + + + + + + + + text/plain + + + + + LocalPortRanges + + + + + + + + Comma Separated list of ranges for eg. 100-120,200,300-320 + + + + + + + + + + + text/plain + + + + + RemotePortRanges + + + + + + + + Comma Separated list of ranges for eg. 100-120,200,300-320 + + + + + + + + + + + text/plain + + + + + LocalAddressRanges + + + + + + + + Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. +Valid tokens include: +"*" indicates any local address. If present, this must be the only token included. + +A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +A valid IPv6 address. +An IPv4 address range in the format of "start address - end address" with no spaces included. +An IPv6 address range in the format of "start address - end address" with no spaces included. + + + + + + + + + + + text/plain + + + + + RemoteAddressRanges + + + + + + + + Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include: +"*" indicates any remote address. If present, this must be the only token included. +"Defaultgateway" +"DHCP" +"DNS" +"WINS" +"Intranet" +"RemoteCorpNetwork" +"Internet" +"PlayToRenderers" +"LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive. +A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +A valid IPv6 address. +An IPv4 address range in the format of "start address - end address" with no spaces included. +An IPv6 address range in the format of "start address - end address" with no spaces included. + + + + + + + + + + + text/plain + + + + + Description + + + + + + + + Specifies the description of the rule. + + + + + + + + + + + text/plain + + + + + Enabled + + + + + + + + Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. +If not specified - a new rule is disabled by default. + + + + + + + + + + + text/plain + + + + + Profiles + + + + + + + + Specifies the profiles to which the rule belongs: Domain, Private, Public. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. + + + + + + + + + + + text/plain + + + + + Action + + + + + Specifies the action for the rule. + +BLOCK - block the connection. +ALLOW - allow the connection. + + +If not specified the default action is BLOCK. + + + + + + + + + + + + + + + Type + + + + + + + + Specifies the action the rule enforces: +0 - Block +1 - Allow + + + + + + + + + + + text/plain + + + + + + Direction + + + + + + + + Comma separated list. The rule is enabled based on the traffic direction as following. + +IN - the rule applies to inbound traffic. +OUT - the rule applies to outbound traffic. + +If not specified the detault is IN. + + + + + + + + + + + text/plain + + + + + InterfaceTypes + + + + + + + + String value. Multiple interface types can be included in the string by separating each value with a ",". Acceptable values are "RemoteAccess", "Wireless", "Lan", "MobileBroadband", and "All". + If more than one interface type is specified, the strings must be separated by a comma. + + + + + + + + + + + text/plain + + + + + IcmpTypesAndCodes + + + + + + + + The icmpTypesAndCodes parameter is a list of ICMP types and codes separated by semicolon. "*" indicates all ICMP types and codes. + + + + + + + + + + + text/plain + + + + + EdgeTraversal + + + + + + + + Indicates whether edge traversal is enabled or disabled for this rule. + +The EdgeTraversal property indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. + +New rules have the EdgeTraversal property disabled by default. + + + + + + + + + + + + text/plain + + + + + LocalUserAuthorizedList + + + + + + + + Specifies the list of authorized local users for the app container. +This is a string in Security Descriptor Definition Language (SDDL) format.. + + + + + + + + + + + text/plain + + + + + Status + + + + + Provides information about the specific verrsion of the rule in deployment for monitoring purposes. + + + + + + + + + + + text/plain + + + + + FriendlyName + + + + + + + + Specifies the friendly name of the rule. +The string must not contain the "|" character. + + + + + + + + + + + text/plain + + + + + Name + + + + + + + + + + + + + + + + + + text/plain + + + + + + + + +``` \ No newline at end of file diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md index b97394b02c..405f3c7a29 100644 --- a/windows/client-management/mdm/get-inventory.md +++ b/windows/client-management/mdm/get-inventory.md @@ -4,19 +4,14 @@ description: The Get Inventory operation retrieves information from the Windows MS-HAID: - 'p\_phdevicemgmt.get\_seatblock' - 'p\_phDeviceMgmt.get\_inventory' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: C5485722-FC49-4358-A097-74169B204E74 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Get Inventory The **Get Inventory** operation retrieves information from the Windows Store for Business to determine if new or updated applications are available. diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md index 8e6d40257a..16f29cb848 100644 --- a/windows/client-management/mdm/get-localized-product-details.md +++ b/windows/client-management/mdm/get-localized-product-details.md @@ -1,19 +1,14 @@ --- title: Get localized product details description: The Get localized product details operation retrieves the localization information of a product from the Windows Store for Business. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: EF6AFCA9-8699-46C9-A3BB-CD2750C07901 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Get localized product details The **Get localized product details** operation retrieves the localization information of a product from the Windows Store for Business. diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md index 469d1603ef..cf3a27b38c 100644 --- a/windows/client-management/mdm/get-offline-license.md +++ b/windows/client-management/mdm/get-offline-license.md @@ -1,19 +1,14 @@ --- title: Get offline license description: The Get offline license operation retrieves the offline license information of a product from the Windows Store for Business. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 08DAD813-CF4D-42D6-A783-994A03AEE051 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Get offline license The **Get offline license** operation retrieves the offline license information of a product from the Windows Store for Business. diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md index d9cd6919c7..c602332f9b 100644 --- a/windows/client-management/mdm/get-product-details.md +++ b/windows/client-management/mdm/get-product-details.md @@ -1,19 +1,14 @@ --- title: Get product details description: The Get product details operation retrieves the product information from the Windows Store for Business for a specific application. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: BC432EBA-CE5E-43BD-BD54-942774767286 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Get product details The **Get product details** operation retrieves the product information from the Windows Store for Business for a specific application. diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md index d201559fea..ef80b65d3b 100644 --- a/windows/client-management/mdm/get-product-package.md +++ b/windows/client-management/mdm/get-product-package.md @@ -1,19 +1,14 @@ --- title: Get product package description: The Get product package operation retrieves the information about a specific application in the Windows Store for Business. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 4314C65E-6DDC-405C-A591-D66F799A341F -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Get product package The **Get product package** operation retrieves the information about a specific application in the Windows Store for Business. diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md index 32fe8aec93..24d354e7c2 100644 --- a/windows/client-management/mdm/get-product-packages.md +++ b/windows/client-management/mdm/get-product-packages.md @@ -1,19 +1,14 @@ --- title: Get product packages description: The Get product packages operation retrieves the information about applications in the Windows Store for Business. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 039468BF-B9EE-4E1C-810C-9ACDD55C0835 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Get product packages The **Get product packages** operation retrieves the information about applications in the Windows Store for Business. diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md index 4e17dfceb6..301be7db93 100644 --- a/windows/client-management/mdm/get-seat.md +++ b/windows/client-management/mdm/get-seat.md @@ -1,19 +1,14 @@ --- title: Get seat description: The Get seat operation retrieves the information about an active seat for a specified user in the Windows Store for Business. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 715BAEB2-79FD-4945-A57F-482F9E7D07C6 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Get seat The **Get seat** operation retrieves the information about an active seat for a specified user in the Windows Store for Business. diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md index 0eebaa7714..77e13c0706 100644 --- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md +++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md @@ -1,19 +1,14 @@ --- title: Get seats assigned to a user description: The Get seats assigned to a user operation retrieves information about assigned seats in the Windows Store for Business. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: CB963E44-8C7C-46F9-A979-89BBB376172B -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Get seats assigned to a user The **Get seats assigned to a user** operation retrieves information about assigned seats in the Windows Store for Business. diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md index 5668a2f43a..1e5fbe93dd 100644 --- a/windows/client-management/mdm/get-seats.md +++ b/windows/client-management/mdm/get-seats.md @@ -1,19 +1,14 @@ --- title: Get seats description: The Get seats operation retrieves the information about active seats in the Windows Store for Business. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 32945788-47AC-4259-B616-F359D48F4F2F -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Get seats The **Get seats** operation retrieves the information about active seats in the Windows Store for Business. diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index 85374c2225..fb44d96773 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -1,19 +1,14 @@ --- title: Device HealthAttestation CSP description: Device HealthAttestation CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Device HealthAttestation CSP The Device HealthAttestation configuration service provider (DHA-CSP) enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions. @@ -262,71 +257,25 @@ You can use OpenSSL to validate access to DHA-Service. Here is a sample OpenSSL PS C:\openssl> ./openssl.exe s_client -connect has.spserv.microsoft.com:443 CONNECTED(000001A8) --- -title: Device HealthAttestation CSP -description: Device HealthAttestation CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr +Certificate chain + 0 s:/CN=*.spserv.microsoft.com + i:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2 + 1 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2 + i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root --- - Server certificate ---- -title: Device HealthAttestation CSP -description: Device HealthAttestation CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --- +-----BEGIN CERTIFICATE----- MIIGOTCCBCGgAwIBAgITWgAA1KJb40tpukQoewABAADUojANBgkqhkiG9w0BAQsFA4ICAQCJaKewFQuqQwR5fkAr9kZOmtq5fk03p82eHWLaftXlc4RDvVFp4a2ciSjZL8f3f+XWPVdUj9DAi3bCSddlrcNOPRXNepFC1OEmKtE9jM0r7M8qnqFkIfbNrVNUtPxHoraQeMIgbk0SHEOlShY2GXETVBqZdDZ5Rmk4rA+3ggoeV8hNzm2dfNp0iGSrZzawbLzWU1D2Tped1k5IV63yb+cU/TmM …………………………………………………………………………………………………………………………………… ……………………………………………………………………………………………………………………………………………………………………………………………………………………………… ……………2RXXwogn1UM8TZduCEjz+b05mAkvytugzzaI4wXkCP4OgNyy8gul2z5Gj/51pCTN ---- -title: Device HealthAttestation CSP -description: Device HealthAttestation CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --- +-----END CERTIFICATE----- subject=/CN=*.spserv.microsoft.com issuer=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2 --- -title: Device HealthAttestation CSP -description: Device HealthAttestation CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr +No client certificate CA names sent +Peer signing digest: SHA1 +Server Temp Key: ECDH, P-384, 384 bits --- - SSL handshake has read 3681 bytes and written 561 bytes New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384 Server public key is 2048 bit diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md index ba4539dd9d..f3e857ee6f 100644 --- a/windows/client-management/mdm/healthattestation-ddf.md +++ b/windows/client-management/mdm/healthattestation-ddf.md @@ -1,19 +1,14 @@ --- title: HealthAttestation DDF description: HealthAttestation DDF -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: D20AC78D-D2D4-434B-B9FD-294BCD9D1DDE -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # HealthAttestation DDF diff --git a/windows/client-management/mdm/hotspot-csp.md b/windows/client-management/mdm/hotspot-csp.md index fb6b88a6ec..181c625ca6 100644 --- a/windows/client-management/mdm/hotspot-csp.md +++ b/windows/client-management/mdm/hotspot-csp.md @@ -1,19 +1,14 @@ --- title: HotSpot CSP description: HotSpot CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: ec49dec1-fa79-420a-a9a7-e86668b3eebf -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # HotSpot CSP diff --git a/windows/client-management/mdm/iconfigserviceprovider2.md b/windows/client-management/mdm/iconfigserviceprovider2.md index db79e94887..be59397ff3 100644 --- a/windows/client-management/mdm/iconfigserviceprovider2.md +++ b/windows/client-management/mdm/iconfigserviceprovider2.md @@ -1,19 +1,14 @@ --- title: IConfigServiceProvider2 description: IConfigServiceProvider2 -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 8deec0fb-59a6-4d08-8ddb-6d0d3d868a10 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # IConfigServiceProvider2 diff --git a/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md b/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md index a228ad1236..2d72418a32 100644 --- a/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md +++ b/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md @@ -1,19 +1,14 @@ --- title: IConfigServiceProvider2 ConfigManagerNotification description: IConfigServiceProvider2 ConfigManagerNotification -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: b1f0fe0f-afbe-4b36-a75d-34239a86a75c -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # IConfigServiceProvider2::ConfigManagerNotification diff --git a/windows/client-management/mdm/iconfigserviceprovider2getnode.md b/windows/client-management/mdm/iconfigserviceprovider2getnode.md index ea09e6aee1..d9efa4d469 100644 --- a/windows/client-management/mdm/iconfigserviceprovider2getnode.md +++ b/windows/client-management/mdm/iconfigserviceprovider2getnode.md @@ -1,19 +1,14 @@ --- title: IConfigServiceProvider2 GetNode description: IConfigServiceProvider2 GetNode -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 4dc10a59-f6a2-45c0-927c-d594afc9bb91 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # IConfigServiceProvider2::GetNode diff --git a/windows/client-management/mdm/icspnode.md b/windows/client-management/mdm/icspnode.md index 94da28911f..5da7ad4b29 100644 --- a/windows/client-management/mdm/icspnode.md +++ b/windows/client-management/mdm/icspnode.md @@ -1,19 +1,14 @@ --- title: ICSPNode description: ICSPNode -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 023466e6-a8ab-48ad-8548-291409686ac2 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode This interface does most of the work in a configuration service provider. Each individual node in a configuration service provider tree is represented by a separate implementation of this interface. The actions of a ConfigManager2 client are typically translated into calls to an instance of an ICSPNode. diff --git a/windows/client-management/mdm/icspnodeadd.md b/windows/client-management/mdm/icspnodeadd.md index 39a4e209e1..20be80123e 100644 --- a/windows/client-management/mdm/icspnodeadd.md +++ b/windows/client-management/mdm/icspnodeadd.md @@ -1,19 +1,14 @@ --- title: ICSPNode Add description: ICSPNode Add -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 5f03d350-c82b-4747-975f-385fd8b5b3a8 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::Add This method adds an immediate child node to a configuration service provider node and returns a pointer to the new node. diff --git a/windows/client-management/mdm/icspnodeclear.md b/windows/client-management/mdm/icspnodeclear.md index 217d2ff33c..5c0f660fa3 100644 --- a/windows/client-management/mdm/icspnodeclear.md +++ b/windows/client-management/mdm/icspnodeclear.md @@ -1,20 +1,15 @@ --- title: ICSPNode Clear description: ICSPNode Clear -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: b414498b-110a-472d-95c0-2d5b38cd78a6 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::Clear This method deletes the contents and child nodes of the current configuration service provider node. This method is always called on the child node before [ICSPNode::DeleteChild](icspnodedeletechild.md) is called on the parent node. diff --git a/windows/client-management/mdm/icspnodecopy.md b/windows/client-management/mdm/icspnodecopy.md index b8e50e00b0..cf113766b6 100644 --- a/windows/client-management/mdm/icspnodecopy.md +++ b/windows/client-management/mdm/icspnodecopy.md @@ -1,19 +1,14 @@ --- title: ICSPNode Copy description: ICSPNode Copy -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: cd5ce0bc-a08b-4f82-802d-c7ff8701b41f -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::Copy This method makes a copy of the current node at the specified path within the configuration service provider. If the target node exists, it should be overwritten. diff --git a/windows/client-management/mdm/icspnodedeletechild.md b/windows/client-management/mdm/icspnodedeletechild.md index 5b303056ec..686df037ea 100644 --- a/windows/client-management/mdm/icspnodedeletechild.md +++ b/windows/client-management/mdm/icspnodedeletechild.md @@ -1,19 +1,14 @@ --- title: ICSPNode DeleteChild description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::DeleteChild Deletes the specified child node from the configuration service provider node. [ICSPNode::Clear](icspnodeclear.md) must always be called first on the child node that is to be deleted. @@ -32,189 +27,7 @@ HRESULT DeleteChild([in] IConfigManager2URI* puriChildToDelete); ## Return Values | Return Value | Description | -|--- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- -|--- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---| +|------------------------------|--------------------------------------------------| | CFGMGR\_E\_NODENOTFOUND | The child node does not exist | | CFGMGR\_E\_COMMANDNOTALLOWED | The child node to be deleted is a read-only node | | S\_OK | Success. | diff --git a/windows/client-management/mdm/icspnodedeleteproperty.md b/windows/client-management/mdm/icspnodedeleteproperty.md index f2175e60ef..74126c9679 100644 --- a/windows/client-management/mdm/icspnodedeleteproperty.md +++ b/windows/client-management/mdm/icspnodedeleteproperty.md @@ -1,19 +1,14 @@ --- title: ICSPNode DeleteProperty description: ICSPNode DeleteProperty -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 7e21851f-d663-4558-b3e8-590d24b4f6c4 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::DeleteProperty This method deletes a property from a configuration service provider node. diff --git a/windows/client-management/mdm/icspnodeexecute.md b/windows/client-management/mdm/icspnodeexecute.md index ccab9f3c78..ef2c4dfa1a 100644 --- a/windows/client-management/mdm/icspnodeexecute.md +++ b/windows/client-management/mdm/icspnodeexecute.md @@ -1,19 +1,14 @@ --- title: ICSPNode Execute description: ICSPNode Execute -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 5916e7b7-256d-49fd-82b6-db0547a215ec -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::Execute This method runs a task on an internally-transactioned configuration service provider node by passing in the specified user data and returning a result. The exact meaning of **Execute** and whether it is even supported depends on the purpose of the node. For example, **Execute** called on a node that represents a file should probably **ShellExecute** the file, whereas calling **Execute** on a registry node generally does not make sense. diff --git a/windows/client-management/mdm/icspnodegetchildnodenames.md b/windows/client-management/mdm/icspnodegetchildnodenames.md index cb984ee96b..aa63ca5b8e 100644 --- a/windows/client-management/mdm/icspnodegetchildnodenames.md +++ b/windows/client-management/mdm/icspnodegetchildnodenames.md @@ -1,19 +1,14 @@ --- title: ICSPNode GetChildNodeNames description: ICSPNode GetChildNodeNames -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: dc057f2b-282b-49ac-91c4-bb83bd3ca4dc -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::GetChildNodeNames This method returns the list of child nodes for a configuration service provider node. diff --git a/windows/client-management/mdm/icspnodegetproperty.md b/windows/client-management/mdm/icspnodegetproperty.md index 6bf75e7b35..673d9e8e15 100644 --- a/windows/client-management/mdm/icspnodegetproperty.md +++ b/windows/client-management/mdm/icspnodegetproperty.md @@ -1,19 +1,14 @@ --- title: ICSPNode GetProperty description: ICSPNode GetProperty -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: a2bdc158-72e0-4cdb-97ce-f5cf1a44b7db -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::GetProperty This method returns a property value from a configuration service provider node. diff --git a/windows/client-management/mdm/icspnodegetpropertyidentifiers.md b/windows/client-management/mdm/icspnodegetpropertyidentifiers.md index 69d2de87b8..55fabbe552 100644 --- a/windows/client-management/mdm/icspnodegetpropertyidentifiers.md +++ b/windows/client-management/mdm/icspnodegetpropertyidentifiers.md @@ -1,19 +1,14 @@ --- title: ICSPNode GetPropertyIdentifiers description: ICSPNode GetPropertyIdentifiers -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 8a052cd3-d74c-40c4-845f-f804b920deb4 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::GetPropertyIdentifiers This method returns a list of non-standard properties supported by the node. The returned array must be allocated with `CoTaskMemAlloc`. diff --git a/windows/client-management/mdm/icspnodegetvalue.md b/windows/client-management/mdm/icspnodegetvalue.md index 85777cf2f4..fe58b75211 100644 --- a/windows/client-management/mdm/icspnodegetvalue.md +++ b/windows/client-management/mdm/icspnodegetvalue.md @@ -1,19 +1,14 @@ --- title: ICSPNode GetValue description: ICSPNode GetValue -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: c684036d-98be-4659-8ce8-f72436a39b90 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::GetValue This method gets the value and data type for the node. Interior (non-leaf) nodes may not have a value. diff --git a/windows/client-management/mdm/icspnodemove.md b/windows/client-management/mdm/icspnodemove.md index ea6080be34..53c5047934 100644 --- a/windows/client-management/mdm/icspnodemove.md +++ b/windows/client-management/mdm/icspnodemove.md @@ -1,19 +1,14 @@ --- title: ICSPNode Move description: ICSPNode Move -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: efb359c3-5c86-4975-bf6f-a1c33922442a -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::Move This method moves the node to a new location within the configuration service provider. If the target node already exists, it should be overwritten. diff --git a/windows/client-management/mdm/icspnodesetproperty.md b/windows/client-management/mdm/icspnodesetproperty.md index 14f0896554..daae584a37 100644 --- a/windows/client-management/mdm/icspnodesetproperty.md +++ b/windows/client-management/mdm/icspnodesetproperty.md @@ -1,19 +1,14 @@ --- title: ICSPNode SetProperty description: ICSPNode SetProperty -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: e235c38f-ea04-4cd8-adec-3c6c0ce7172d -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::SetProperty This method sets a property value for a configuration service provider node. diff --git a/windows/client-management/mdm/icspnodesetvalue.md b/windows/client-management/mdm/icspnodesetvalue.md index f5e3c76c9b..ccb5ff6c76 100644 --- a/windows/client-management/mdm/icspnodesetvalue.md +++ b/windows/client-management/mdm/icspnodesetvalue.md @@ -1,19 +1,14 @@ --- title: ICSPNode SetValue description: ICSPNode SetValue -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: b218636d-fe8b-4a0f-b4e8-a621f65619d3 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNode::SetValue This method sets the value for the configuration service provider node. It is an error to attempt to set the value of an interior node. diff --git a/windows/client-management/mdm/icspnodetransactioning.md b/windows/client-management/mdm/icspnodetransactioning.md index 56f37b3161..536708cb7d 100644 --- a/windows/client-management/mdm/icspnodetransactioning.md +++ b/windows/client-management/mdm/icspnodetransactioning.md @@ -1,19 +1,14 @@ --- title: ICSPNodeTransactioning description: ICSPNodeTransactioning -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 24dc518a-4a8d-41fe-9bc6-217bbbdf6a3f -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPNodeTransactioning This is an optional interface that enables a configuration service provider to define its own transactioning scheme (internal transactioning) for an individual node. Transactioning supports the ability to roll back previous actions on a node. The majority of nodes use external transactioning, which is handled automatically, and do not need to implement this interface. For more information about internal and external transactioning, including how to handle the `RollbackAction` functions, see "Determine node operations" in [Designing a custom configuration service provider](design-a-custom-windows-csp.md). diff --git a/windows/client-management/mdm/icspvalidate.md b/windows/client-management/mdm/icspvalidate.md index ddb4d98279..42828da848 100644 --- a/windows/client-management/mdm/icspvalidate.md +++ b/windows/client-management/mdm/icspvalidate.md @@ -1,19 +1,14 @@ --- title: ICSPValidate description: ICSPValidate -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: b0993f2d-6269-412f-a329-af25fff34ca2 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ICSPValidate This interface is optional. It is called by ConfigManager2 as it batches commands before transactioning begins. This allows the configuration service provider to validate the node before performing specific actions. It is generally only used for configuration service providers that need to expose UI. diff --git a/windows/client-management/mdm/images/provisioning-csp-firewall.png b/windows/client-management/mdm/images/provisioning-csp-firewall.png new file mode 100644 index 0000000000..f31e4c749d Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-firewall.png differ diff --git a/windows/client-management/mdm/images/provisioning-csp-tpmpolicy.png b/windows/client-management/mdm/images/provisioning-csp-tpmpolicy.png new file mode 100644 index 0000000000..8950a1614d Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-tpmpolicy.png differ diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md index 7285dc6e24..904aabcc23 100644 --- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md +++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md @@ -1,19 +1,14 @@ --- title: Implement server-side support for mobile application management on Windows description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP). -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Implement server-side support for mobile application management on Windows The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10, version 1703. diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index 8fc654bccf..70a844c704 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -4,19 +4,14 @@ description: Windows 10 provides an enterprise management solution to help IT p MS-HAID: - 'p\_phDeviceMgmt.provisioning\_and\_device\_management' - 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 50ac90a7-713e-4487-9cb9-b6d6fdaa4e5b -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Mobile device management diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md index a90cab7223..98510df8a0 100644 --- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md +++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md @@ -4,19 +4,14 @@ description: The Windows Store for Business has a new web service designed for t MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_tool' - 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 0E39AE85-1703-4B24-9A7F-831C6455068F -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Management tool for the Windows Store for Business The Windows Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. The Store for Business enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates. diff --git a/windows/client-management/mdm/maps-csp.md b/windows/client-management/mdm/maps-csp.md index 7b96256031..7a5f26f5ef 100644 --- a/windows/client-management/mdm/maps-csp.md +++ b/windows/client-management/mdm/maps-csp.md @@ -1,19 +1,14 @@ --- title: Maps CSP description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Maps CSP @@ -52,161 +47,7 @@ Supported operation is Get. If the map is neither queued, downloading, or instal Here is a list of GUIDs of the most downloaded reqions. | Region | GUID | -|--- -title: Maps CSP -description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Maps CSP -description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Maps CSP -description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Maps CSP -description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Maps CSP -description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --|--- -title: Maps CSP -description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Maps CSP -description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Maps CSP -description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Maps CSP -description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Maps CSP -description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: Maps CSP -description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---| +|-------------------------------|--------------------------------------| | **Germany** | | | Baden-Wuerttemberg | bab02b93-31c4-413a-b0fe-95a43e186d8c | | Bavaria | dceea482-12e9-458e-9f0f-21def9a70ed7 | diff --git a/windows/client-management/mdm/maps-ddf-file.md b/windows/client-management/mdm/maps-ddf-file.md index fc1f0771ba..e91dbca47e 100644 --- a/windows/client-management/mdm/maps-ddf-file.md +++ b/windows/client-management/mdm/maps-ddf-file.md @@ -1,19 +1,14 @@ --- title: Maps DDF file description: This topic shows the OMA DM device description framework (DDF) for the Maps configuration service provider. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: EF22DBB6-0578-4FD0-B8A6-19DC03288FAF -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Maps DDF file diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index 60de505d6c..c2896dd7cd 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md @@ -4,19 +4,14 @@ description: MDM enrollment of Windows-based devices MS-HAID: - 'p\_phdevicemgmt.enrollment\_ui' - 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # MDM enrollment of Windows-based devices @@ -90,806 +85,7 @@ Because joining your device to an Active Directory domain during the OOBE is not There are a few instances where your device cannot be connected to an Active Directory domain: | Connection issue | Explanation | -|--- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- -| +|-----------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Your device is already connected to an Active Directory domain. | Your device can be connected to only a single Active Directory domain at a time. | | Your device is connected to an Azure AD domain. | Your device can either be connected to an Azure AD domain or an Active Directory domain. You cannot connect to both simultaneously. | | You are logged in as a standard user. | Your device can only be connected to an Azure AD domain if you are logged in as an administrative user. You’ll need to switch to an administrator account to continue. | @@ -960,806 +156,7 @@ All Windows devices can be connected to an Azure AD domain. These devices can be There are a few instances where your device cannot be connected to an Azure AD domain: | Connection issue | Explanation | -|--- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --| +|-----------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Your device is connected to an Azure AD domain. | Your device can only be connected to a single Azure AD domain at a time. | | Your device is already connected to an Active Directory domain. | Your device can either be connected to an Azure AD domain or an Active Directory domain. You cannot connect to both simultaneously. | | Your device already has a user connected to a work account. | You can either connect to an Azure AD domain or connect to a work or school account. You cannot connect to both simultaneously. | @@ -1877,1129 +274,28 @@ All Windows 10-based devices can be connected to an MDM. You can connect to an There are a few instances where your device may not be able to connect to work, as described in the following table. | Error Message | Description | -|--- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---|--- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---|--- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---|--- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: MDM enrollment of Windows-based devices -description: MDM enrollment of Windows-based devices -MS-HAID: -- 'p\_phdevicemgmt.enrollment\_ui' -- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- -----| +|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| +| Your device is already connected to your organization’s cloud. | Your device is already connected to either Azure AD, a work or school account, or an AD domain. | +| We could not find your identity in your organization’s cloud. | The username you entered was not found on your Azure AD tenant. | +| Your device is already being managed by an organization. | Your device is either already managed by MDM or System Center Configuration Manager. | +| You don’t have the right privileges to perform this operation. Please talk to your admin. | You cannot enroll your device into MDM as a standard user. You must be on an administrator account. | +| We couldn’t auto-discover a management endpoint matching the username entered. Please check your username and try again. If you know the URL to your management endpoint, please enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered. | + +  + +## Connecting your Windows 10-based device to work using a deep link + + +Windows 10-based devices may be connected to work using a deep link. Users will be able to click or open a link in a particular format from anywhere in Windows 10 and be directed to the new enrollment experience. + +In Windows 10, version 1607, deep linking will only be supported for connecting devices to MDM. It will not support adding a work or school account, joining a device to Azure AD, and joining a device to Active Directory. + +The deep link used for connecting your device to work will always use the following format: + +**ms-device-enrollment:?mode={mode\_name}** + +| Parameter | Description | Supported Value for Windows 10| +|-----------|--------------------------------------------------------------|----------------------------------------------| | mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| “mdm” | |Username | Specifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703. | string | | Servername | Specifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703. | string| diff --git a/windows/client-management/mdm/messaging-csp.md b/windows/client-management/mdm/messaging-csp.md index 9892227673..25454c6580 100644 --- a/windows/client-management/mdm/messaging-csp.md +++ b/windows/client-management/mdm/messaging-csp.md @@ -1,18 +1,13 @@ --- title: Messaging CSP description: Messaging CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Messaging CSP The Messaging configuration service provider is used to configure the ability to get text messages audited on a mobile device. This CSP was added in Windows 10, version 1703. diff --git a/windows/client-management/mdm/messaging-ddf.md b/windows/client-management/mdm/messaging-ddf.md index 0c1fdc9708..8a3d8d7e7d 100644 --- a/windows/client-management/mdm/messaging-ddf.md +++ b/windows/client-management/mdm/messaging-ddf.md @@ -1,18 +1,13 @@ --- title: Messaging DDF file description: Messaging DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Messaging DDF file This topic shows the OMA DM device description framework (DDF) for the Messaging configuration service provider. This CSP was added in Windows 10, version 1703. diff --git a/windows/client-management/mdm/mobile-device-enrollment.md b/windows/client-management/mdm/mobile-device-enrollment.md index 9a55916d83..e0a4d74fa3 100644 --- a/windows/client-management/mdm/mobile-device-enrollment.md +++ b/windows/client-management/mdm/mobile-device-enrollment.md @@ -1,19 +1,14 @@ --- title: Mobile device enrollment description: Mobile device enrollment is the first phase of enterprise management. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 08C8B3DB-3263-414B-A368-F47B94F47A11 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Mobile device enrollment diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md index e2083b61bd..d62bf09a6c 100644 --- a/windows/client-management/mdm/nap-csp.md +++ b/windows/client-management/mdm/nap-csp.md @@ -1,19 +1,14 @@ --- title: NAP CSP description: NAP CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 82f04492-88a6-4afd-af10-a62b8d444d21 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # NAP CSP diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md index 45e15e4d6b..0019bd057b 100644 --- a/windows/client-management/mdm/napdef-csp.md +++ b/windows/client-management/mdm/napdef-csp.md @@ -1,19 +1,14 @@ --- title: NAPDEF CSP description: NAPDEF CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 9bcc65dd-a72b-4f90-aba7-4066daa06988 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # NAPDEF CSP diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md index 81ab7c20a6..2e9efd2de6 100644 --- a/windows/client-management/mdm/networkproxy-csp.md +++ b/windows/client-management/mdm/networkproxy-csp.md @@ -1,18 +1,13 @@ --- title: NetworkProxy CSP description: NetworkProxy CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # NetworkProxy CSP The NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. These settings do not apply to VPN connections. This CSP was added in Windows 10, version 1703. diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md index 4aa1244a7f..6657bc67ee 100644 --- a/windows/client-management/mdm/networkproxy-ddf.md +++ b/windows/client-management/mdm/networkproxy-ddf.md @@ -1,18 +1,13 @@ --- title: NetworkProxy DDF file description: AppNetworkProxyLocker DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # NetworkProxy DDF file This topic shows the OMA DM device description framework (DDF) for the **NetworkProxy** configuration service provider. diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index d4c7bf4722..eb09ca2909 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -1,18 +1,13 @@ --- title: NetworkQoSPolicy CSP description: he NetworkQoSPolicy CSP applies the Quality of Service (QoS) policy for Microsoft Surface Hub. This CSP was added in Windows 10, version 1703. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # NetworkQoSPolicy CSP The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. This CSP was added in Windows 10, version 1703. diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md index 52b649323f..e22f1a5ac3 100644 --- a/windows/client-management/mdm/networkqospolicy-ddf.md +++ b/windows/client-management/mdm/networkqospolicy-ddf.md @@ -1,19 +1,14 @@ --- title: NetworkQoSPolicy DDF description: This topic shows the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # NetworkQoSPolicy DDF This topic shows the OMA DM device description framework (DDF) for the **NetworkQoSPolicy** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index d5edd50cac..6c95a92a67 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -4,21 +4,18 @@ description: This topic provides information about what's new and breaking chang MS-HAID: - 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview' - 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 9C42064F-091C-4901-BC73-9ABE79EE4224 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # What's new in MDM enrollment and management +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. This topic provides information about what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices. @@ -645,6 +642,16 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • SmartScreen/EnableAppInstallControl
  • SmartScreen/EnableSmartScreenInShell
  • SmartScreen/PreventOverrideForFilesInShell
    • +
  • Start/AllowPinnedFolderDocuments
    • +
  • Start/AllowPinnedFolderDownloads
    • +
  • Start/AllowPinnedFolderFileExplorer
    • +
  • Start/AllowPinnedFolderHomeGroup
    • +
  • Start/AllowPinnedFolderMusic
    • +
  • Start/AllowPinnedFolderNetwork
    • +
  • Start/AllowPinnedFolderPersonalFolder
    • +
  • Start/AllowPinnedFolderPictures
    • +
  • Start/AllowPinnedFolderSettings
    • +
  • Start/AllowPinnedFolderVideos
  • Start/HideAppList
  • Start/HideChangeAccountSettings
  • Start/HideFrequentlyUsedApps
    • @@ -666,6 +673,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • TextInput/AllowKeyboardTextSuggestions
  • TimeLanguageSettings/AllowSet24HourClock
  • Update/ActiveHoursMaxRange
    • +
  • Update/AutoRestartDeadlinePeriodInDays
  • Update/AutoRestartNotificationSchedule
  • Update/AutoRestartNotificationStyle
  • Update/AutoRestartRequiredNotificationDismissal
    • @@ -855,6 +863,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s

    Added a section describing SyncML examples of various ADMX elements.

    +[Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) +New topic. + + [Deploy and configure App-V apps using MDM](appv-deploy-and-config.md)

    Added a new topic describing how to deploy and configure App-V apps using MDM.

    @@ -885,6 +897,18 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • Ownership
    • + +MDM support for Windows 10 S +

    Updated the following topics to indicate MDM support in Windows 10 S.

    +
      +
    • [Configuration service provider reference](configuration-service-provider-reference.md)
      • +
    • [Policy CSP](policy-configuration-service-provider.md)
      • +
    + + +[TPMPolicy CSP](tpmpolicy-csp.md) +New CSP added in Windows 10, version 1703. +   @@ -1155,6 +1179,60 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware ## Change history in MDM documentation +### June 2017 + + ++++ + + + + + + + + + + + + + + + + + + + + + + +
    New or updated topicDescription
    [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md)Added a list of registry locations that ingested policies are allowed to write to.
    [Firewall CSP](firewall-csp.md)Added the following nodes: +
      +
    • Profiles
      • +
    • Direction
      • +
    • InterfaceTypes
      • +
    • EdgeTraversal
      • +
    • Status
      • +
    +Also Added [Firewall DDF file](firewall-ddf-file.md).
    [TPMPolicy CSP](tpmpolicy-csp.md)New CSP added in Windows 10, version 1703.
    [Policy CSP](policy-configuration-service-provider.md) +

    Added the following new policies for Windows 10, version 1703:

    +
      +
    • Start/AllowPinnedFolderDocuments
      • +
    • Start/AllowPinnedFolderDownloads
      • +
    • Start/AllowPinnedFolderFileExplorer
      • +
    • Start/AllowPinnedFolderHomeGroup
      • +
    • Start/AllowPinnedFolderMusic
      • +
    • Start/AllowPinnedFolderNetwork
      • +
    • Start/AllowPinnedFolderPersonalFolder
      • +
    • Start/AllowPinnedFolderPictures
      • +
    • Start/AllowPinnedFolderSettings
      • +
    • Start/AllowPinnedFolderVideos
      • +
    • Update/AutoRestartDeadlinePeriodInDays
      • +
    +
    + ### May 2017 @@ -1213,7 +1291,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
  • EnterpriseDataProtection/RetrieveByCount/Type
    • - + + + + + + +
    [Connecting your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connecting-your-windows-10-based-device-to-work-using-a-deep-link)

    Added following deep link parameters to the table:

      @@ -1225,6 +1303,18 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
    • Ownership
    [Firewall CSP](firewall-csp.md)

    Added new CSP in the next major update to Windows 10.

    +
    MDM support for Windows 10 S

    Updated the following topics to indicate MDM support in Windows 10 S.

    +
      +
    • [Configuration service provider reference](configuration-service-provider-reference.md)
      • +
    • [Policy CSP](policy-configuration-service-provider.md)
      • +
    +
    diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md index ce70c4dc9f..66ec4f198b 100644 --- a/windows/client-management/mdm/nodecache-csp.md +++ b/windows/client-management/mdm/nodecache-csp.md @@ -1,19 +1,14 @@ --- title: NodeCache CSP description: NodeCache CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: b4dd2b0d-79ef-42ac-ab5b-ee07b3097876 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # NodeCache CSP diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md index a57b00c585..1d3eb141bc 100644 --- a/windows/client-management/mdm/nodecache-ddf-file.md +++ b/windows/client-management/mdm/nodecache-ddf-file.md @@ -1,19 +1,14 @@ --- title: NodeCache DDF file description: NodeCache DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: d7605098-12aa-4423-89ae-59624fa31236 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # NodeCache DDF file diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md index 3358e34686..ca215622b9 100644 --- a/windows/client-management/mdm/office-csp.md +++ b/windows/client-management/mdm/office-csp.md @@ -1,18 +1,13 @@ --- title: Office CSP description: The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device. This CSP was added in Windows 10, version 1703. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Office CSP The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see [Configuration options for the Office Deployment Tool](https://technet.microsoft.com/en-us/library/jj219426.aspx). diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md index e75c946922..85f2f48531 100644 --- a/windows/client-management/mdm/office-ddf.md +++ b/windows/client-management/mdm/office-ddf.md @@ -1,19 +1,14 @@ --- title: Office DDF description: This topic shows the OMA DM device description framework (DDF) for the Office configuration service provider. DDF files are used only with OMA DM provisioning XML. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Office DDF This topic shows the OMA DM device description framework (DDF) for the **Office** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md index 0008907879..8ebb0eebf3 100644 --- a/windows/client-management/mdm/oma-dm-protocol-support.md +++ b/windows/client-management/mdm/oma-dm-protocol-support.md @@ -1,20 +1,15 @@ --- title: OMA DM protocol support description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # OMA DM protocol support The OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload. This topic describes the OMA DM functionality that the DM client supports in general. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](http://go.microsoft.com/fwlink/p/?LinkId=267526). @@ -355,553 +350,7 @@ The following LocURL shows a per device CSP node configuration: **./device/vendo When using SyncML in OMA DM, there are standard response status codes that are returned. The following table lists the common SyncML response status codes you are likely to see. For more information about SyncML response status codes, see section 10 of the [SyncML Representation Protocol](http://go.microsoft.com/fwlink/p/?LinkId=526905) specification. | Status code | Description | -|--- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- --|--- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: OMA DM protocol support -description: OMA DM protocol support -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ------| +|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 200 | The SyncML command completed successfully. | | 202 | Accepted for processing. This is usually an asynchronous operation, such as a request to run a remote execution of an application. | | 212 | Authentication accepted. Normally you'll only see this in response to the SyncHdr element (used for authentication in the OMA-DM standard). You may see this if you look at OMA DM logs, but CSPs do not typically generate this. | diff --git a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md index e115654043..2ecd4d724f 100644 --- a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md +++ b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md @@ -1,19 +1,14 @@ --- title: On-premise authentication device enrollment description: This section provides an example of the mobile device enrollment protocol using on-premise authentication policy. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 626AC8B4-7575-4C41-8D59-185D607E3A47 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # On-premise authentication device enrollment diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index 2a27ad0675..ed858a4dcc 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -1,19 +1,14 @@ --- title: PassportForWork CSP description: The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 3BAE4827-5497-41EE-B47F-5C071ADB2C51 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # PassportForWork CSP The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). It allows you to login to Windows using your Active Directory or Azure Active Directory account and replace passwords, smartcards, and virtual smart cards. @@ -56,21 +51,10 @@ The following diagram shows the PassportForWork configuration service provider i

    Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/ExcludeSecurityDevices/TPM12** (only for ./Device/Vendor/MSFT) +***TenantId*/Policies/ExcludeSecurityDevices** (only for ./Device/Vendor/MSFT) +

    Added in Windows 10, version 1703. Root node for excluded security devices. + +***TenantId*/Policies/ExcludeSecurityDevices/TPM12** (only for ./Device/Vendor/MSFT)

    Added in Windows 10, version 1703. Some Trusted Platform Modules (TPMs) are compliant only with the older 1.2 revision of the TPM specification defined by the Trusted Computing Group (TCG).

    Default value is false. If you enable this policy setting, TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business. @@ -89,60 +73,137 @@ This cloud service encrypts a recovery secret, which is stored locally on the cl

    Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/Remote** (only for ./Device/Vendor/MSFT) +***TenantId*/Policies/UseCertificateForOnPremAuth** (only for ./Device/Vendor/MSFT) +

    Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premise resources. + +

    If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN. + +

    If you disable or do not configure this policy setting, the PIN will be provisioned when the user logs in, without waiting for a certificate payload. + +

    Supported operations are Add, Get, Delete, and Replace. + +***TenantId*/Policies/PINComplexity** +

    Node for defining PIN settings. + +***TenantId*/Policies/PINComplexity/MinimumPINLength** +

    Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest. + +

    If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be greater than or equal to 4. + +> [!NOTE] +> If the conditions specified above for the minimum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths. + +  +

    Value type is int. Supported operations are Add, Get, Delete, and Replace. + +***TenantId*/Policies/PINComplexity/MaximumPINLength** +

    Integer value that sets the maximum number of characters allowed for the PIN. Default value is 127. The largest number you can configure for this policy setting is 127. The lowest number you can configure must be larger than the number configured in the Minimum PIN length policy setting or the number 4, whichever is greater. + +

    If you configure this policy setting, the PIN length must be less than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be less than or equal to 127. + +> [!NOTE] +> If the conditions specified above for the maximum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths. + +  +

    Supported operations are Add, Get, Delete, and Replace. + +***TenantId*/Policies/PINComplexity/UppercaseLetters** +

    Integer value that configures the use of uppercase letters in the Windows Hello for Business PIN. + +

    Valid values: + +- 0 - Allows the use of uppercase letters in PIN. +- 1 - Requires the use of at least one uppercase letters in PIN. +- 2 - Does not allow the use of uppercase letters in PIN. + +

    Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. + +

    Supported operations are Add, Get, Delete, and Replace. + +***TenantId*/Policies/PINComplexity/LowercaseLetters** +

    Integer value that configures the use of lowercase letters in the Windows Hello for Business PIN. + +

    Valid values: + +- 0 - Allows the use of lowercase letters in PIN. +- 1 - Requires the use of at least one lowercase letters in PIN. +- 2 - Does not allow the use of lowercase letters in PIN. + +

    Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. + +

    Supported operations are Add, Get, Delete, and Replace. + +***TenantId*/Policies/PINComplexity/SpecialCharacters** +

    Integer value that configures the use of special characters in the Windows Hello for Business PIN. Valid special characters for Windows Hello for Business PIN gestures include: ! " \# $ % & ' ( ) \* + , - . / : ; < = > ? @ \[ \\ \] ^ \_ \` { | } ~ . + +

    Valid values: + +- 0 - Allows the use of special characters in PIN. +- 1 - Requires the use of at least one special character in PIN. +- 2 - Does not allow the use of special characters in PIN. + +

    Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. + +

    Supported operations are Add, Get, Delete, and Replace. + +***TenantId*/Policies/PINComplexity/Digits** +

    Integer value that configures the use of digits in the Windows Hello for Business PIN. + +

    Valid values: + +- 0 - Allows the use of digits in PIN. +- 1 - Requires the use of at least one digit in PIN. +- 2 - Does not allow the use of digits in PIN. + +

    Default value is 1. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. + +

    Supported operations are Add, Get, Delete, and Replace. + +***TenantId*/Policies/PINComplexity/History** +

    Integer value that specifies the number of past PINs that can be associated to a user account that can’t be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required. This node was added in Windows 10, version 1511. + +

    The current PIN of the user is included in the set of PINs associated with the user account. PIN history is not preserved through a PIN reset. + +

    Default value is 0. + +

    Supported operations are Add, Get, Delete, and Replace. + +***TenantId*/Policies/PINComplexity/Expiration** +

    Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user’s PIN will never expire. This node was added in Windows 10, version 1511. + +

    Default is 0. + +

    Supported operations are Add, Get, Delete, and Replace. + +***TenantId*/Policies/Remote** (only for ./Device/Vendor/MSFT)

    Interior node for defining remote Windows Hello for Business policies. This node was added in Windows 10, version 1511. -**Biometrics** (only for ./Device/Vendor/MSFT) +***TenantId*/Policies/Remote/UseRemotePassport** (only for ./Device/Vendor/MSFT) +

    Boolean value used to enable or disable the use of remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion device for desktop authentication. Remote Windows Hello for Business requires that the desktop be Azure AD joined and that the companion device has a Windows Hello for Business PIN. This node was added in Windows 10, version 1511. + +

    Default value is false. If you set this policy to true, Remote Windows Hello for Business will be enabled and a portable, registered device can be used as a companion device for desktop authentication. If you set this policy to false, Remote Windows Hello for Business will be disabled. + +

    Supported operations are Add, Get, Delete, and Replace. + +**UseBiometrics** +

    This node is deprecated. Use **Biometrics/UseBiometrics** node instead. + +**Biometrics** (only for ./Device/Vendor/MSFT)

    Node for defining biometric settings. This node was added in Windows 10, version 1511. -**Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT) +**Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT) +

    Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511. + +

    Default value is false. If you set this policy to true, biometric gestures are enabled for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business. + +

    Supported operations are Add, Get, Delete, and Replace. + +**Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT)

    Boolean value used to enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. This node was added in Windows 10, version 1511. -

    Default value is false. If you set this policy to true or don't configure this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. Windows Hello face authentication is disabled on devices that do not support enhanced anti-spoofing. +

    Default value is false. If you set this policy to false or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. -

    If you set this policy to false, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. +

    If you set this policy to true, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. Windows Hello face authentication is disabled on devices that do not support enhanced anti-spoofing.

    Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices. diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md index 45998c9fe0..e425bb220d 100644 --- a/windows/client-management/mdm/passportforwork-ddf.md +++ b/windows/client-management/mdm/passportforwork-ddf.md @@ -1,19 +1,14 @@ --- title: PassportForWork DDF description: This topic shows the OMA DM device description framework (DDF) for the PassportForWork configuration service provider. DDF files are used only with OMA DM provisioning XML. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # PassportForWork DDF This topic shows the OMA DM device description framework (DDF) for the **PassportForWork** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md index fda977f193..85c52cab60 100644 --- a/windows/client-management/mdm/personalization-csp.md +++ b/windows/client-management/mdm/personalization-csp.md @@ -1,18 +1,13 @@ --- title: Personalization CSP description: Personalization CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Personalization CSP The Personalization CSP can set the lock screen and desktop background images. Setting these policies also prevents the user from changing the image. You can also use the Personalization settings in a provisioning package. diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md index e28e6a5c70..85d8ef7bb0 100644 --- a/windows/client-management/mdm/personalization-ddf.md +++ b/windows/client-management/mdm/personalization-ddf.md @@ -1,18 +1,13 @@ --- title: Personalization DDF file description: Personalization DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Personalization DDF file This topic shows the OMA DM device description framework (DDF) for the **Personalization** configuration service provider. diff --git a/windows/client-management/mdm/policy-admx-backed.md b/windows/client-management/mdm/policy-admx-backed.md deleted file mode 100644 index 0f9adeba2a..0000000000 --- a/windows/client-management/mdm/policy-admx-backed.md +++ /dev/null @@ -1,4037 +0,0 @@ ---- -title: Policy CSP - ADMX-backed policies -description: Policy CSP - ADMX-backed policies -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- - - -# Policy CSP - ADMX-backed policies - -The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies. This reference topic targets only policies which are backed by ADMX. To understand the difference between traditional MDM and ADMX-backed policies please see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). - -## Table of ADMX-backed policies for Windows 10, version 1703. - -> [!IMPORTANT] -> To navigate the table horizontally, click on the table and then use the left and right scroll keys on your keyboard or use the scroll bar at the bottom of the table. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    MDM CSP setting path/nameGP english nameGP english category pathGP nameGP ADMX file name
    ActiveXControls/ApprovedInstallationSitesApproved Installation Sites for ActiveX ControlsWindows Components/ActiveX Installer ServiceApprovedActiveXInstallSitesActiveXInstallService.admx
    AppVirtualization/AllowAppVClientEnable App-V ClientSystem/App-VEnableAppVappv.admx
    AppVirtualization/AllowDynamicVirtualizationEnable Dynamic VirtualizationSystem/App-V/VirtualizationVirtualization_JITVEnableappv.admx
    AppVirtualization/AllowPackageCleanupEnable automatic cleanup of unused appv packagesSystem/App-V/Package ManagementPackageManagement_AutoCleanupEnableappv.admx
    AppVirtualization/AllowPackageScriptsEnable Package ScriptsSystem/App-V/ScriptingScripting_Enable_Package_Scriptsappv.admx
    AppVirtualization/AllowPublishingRefreshUXEnable Publishing Refresh UXSystem/App-V/PublishingEnable_Publishing_Refresh_UXappv.admx
    AppVirtualization/AllowReportingServerReporting ServerSystem/App-V/ReportingReporting_Server_Policyappv.admx
    AppVirtualization/AllowRoamingFileExclusionsRoaming File ExclusionsSystem/App-V/IntegrationIntegration_Roaming_File_Exclusionsappv.admx
    AppVirtualization/AllowRoamingRegistryExclusionsRoaming Registry ExclusionsSystem/App-V/IntegrationIntegration_Roaming_Registry_Exclusionsappv.admx
    AppVirtualization/AllowStreamingAutoloadSpecify what to load in background (aka AutoLoad)System/App-V/StreamingSteaming_Autoloadappv.admx
    AppVirtualization/ClientCoexistenceAllowMigrationmodeEnable Migration ModeSystem/App-V/Client CoexistenceClient_Coexistence_Enable_Migration_modeappv.admx
    AppVirtualization/IntegrationAllowRootGlobalIntegration Root UserSystem/App-V/IntegrationIntegration_Root_Userappv.admx
    AppVirtualization/IntegrationAllowRootUserIntegration Root GlobalSystem/App-V/IntegrationIntegration_Root_Globalappv.admx
    AppVirtualization/PublishingAllowServer1Publishing Server 1 SettingsSystem/App-V/PublishingPublishing_Server1_Policyappv.admx
    AppVirtualization/PublishingAllowServer2Publishing Server 2 SettingsSystem/App-V/PublishingPublishing_Server2_Policyappv.admx
    AppVirtualization/PublishingAllowServer3Publishing Server 3 SettingsSystem/App-V/PublishingPublishing_Server3_Policyappv.admx
    AppVirtualization/PublishingAllowServer4Publishing Server 4 SettingsSystem/App-V/PublishingPublishing_Server4_Policyappv.admx
    AppVirtualization/PublishingAllowServer5Publishing Server 5 SettingsSystem/App-V/PublishingPublishing_Server5_Policyappv.admx
    AppVirtualization/StreamingAllowCertificateFilterForClient_SSLCertificate Filter For Client SSLSystem/App-V/StreamingStreaming_Certificate_Filter_For_Client_SSLappv.admx
    AppVirtualization/StreamingAllowHighCostLaunchAllow First Time Application Launches if on a High Cost Windows 8 Metered ConnectionSystem/App-V/StreamingStreaming_Allow_High_Cost_Launchappv.admx
    AppVirtualization/StreamingAllowLocationProviderLocation ProviderSystem/App-V/StreamingStreaming_Location_Providerappv.admx
    AppVirtualization/StreamingAllowPackageInstallationRootPackage Installation RootSystem/App-V/StreamingStreaming_Package_Installation_Rootappv.admx
    AppVirtualization/StreamingAllowPackageSourceRootPackage Source RootSystem/App-V/StreamingStreaming_Package_Source_Rootappv.admx
    AppVirtualization/StreamingAllowReestablishmentIntervalReestablishment IntervalSystem/App-V/StreamingStreaming_Reestablishment_Intervalappv.admx
    AppVirtualization/StreamingAllowReestablishmentRetriesReestablishment RetriesSystem/App-V/StreamingStreaming_Reestablishment_Retriesappv.admx
    AppVirtualization/StreamingSharedContentStoreModeShared Content Store (SCS) modeSystem/App-V/StreamingStreaming_Shared_Content_Store_Modeappv.admx
    AppVirtualization/StreamingSupportBranchCacheEnable Support for BranchCacheSystem/App-V/StreamingStreaming_Support_Branch_Cacheappv.admx
    AppVirtualization/StreamingVerifyCertificateRevocationListVerify certificate revocation listSystem/App-V/StreamingStreaming_Verify_Certificate_Revocation_Listappv.admx
    AppVirtualization/VirtualComponentsAllowListVirtual Component Process Allow ListSystem/App-V/VirtualizationVirtualization_JITVAllowListappv.admx
    AttachmentManager/DoNotPreserveZoneInformationDo not preserve zone information in file attachmentsWindows Components/Attachment ManagerAM_MarkZoneOnSavedAtttachmentsAttachmentManager.admx
    AttachmentManager/HideZoneInfoMechanismHide mechanisms to remove zone informationWindows Components/Attachment ManagerAM_RemoveZoneInfoAttachmentManager.admx
    AttachmentManager/NotifyAntivirusProgramsNotify antivirus programs when opening attachmentsWindows Components/Attachment ManagerAM_CallIOfficeAntiVirusAttachmentManager.admx
    Autoplay/DisallowAutoplayForNonVolumeDevicesDisallow Autoplay for non-volume devicesWindows Components/AutoPlay PoliciesNoAutoplayfornonVolumeAutoPlay.admx
    Autoplay/SetDefaultAutoRunBehaviorSet the default behavior for AutoRunWindows Components/AutoPlay PoliciesNoAutorunAutoPlay.admx
    Autoplay/TurnOffAutoPlayTurn off AutoplayWindows Components/AutoPlay PoliciesAutorunAutoPlay.admx
    Connectivity/HardenedUNCPathsHardened UNC PathsNetwork/Network ProviderPol_HardenedPathsnetworkprovider.admx
    CredentialProviders/AllowPINLogonTurn on convenience PIN sign-inSystem/LogonAllowDomainPINLogoncredentialproviders.admx
    CredentialProviders/BlockPicturePasswordTurn off picture password sign-inSystem/LogonBlockDomainPicturePasswordcredentialproviders.admx
    CredentialsUI/DisablePasswordRevealDo not display the password reveal buttonWindows Components/Credential User InterfaceDisablePasswordRevealcredui.admx
    CredentialsUI/EnumerateAdministratorsEnumerate administrator accounts on elevationWindows Components/Credential User InterfaceEnumerateAdministratorscredui.admx
    DataUsage/SetCost3GSet 3G CostNetwork/WWAN Service/WWAN Media CostSetCost3Gwwansvc.admx
    DataUsage/SetCost4GSet 4G CostNetwork/WWAN Service/WWAN Media CostSetCost4Gwwansvc.admx
    Desktop/PreventUserRedirectionOfProfileFolders   desktop.admx
    DeviceInstallation/PreventInstallationOfMatchingDeviceIDsPrevent installation of devices that match any of these device IDsSystem/Device Installation/Device Installation RestrictionsDeviceInstall_IDs_Denydeviceinstallation.admx
    DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClassesPrevent installation of devices using drivers that match these device setup classesSystem/Device Installation/Device Installation RestrictionsDeviceInstall_Classes_Denydeviceinstallation.admx
    DeviceLock/PreventLockScreenSlideShow   ControlPanelDisplay.admx
    ErrorReporting/CustomizeConsentSettingsCustomize consent settingsWindows Components/Windows Error Reporting/ConsentWerConsentCustomize_2ErrorReporting.admx
    ErrorReporting/DisableWindowsErrorReportingDisable Windows Error ReportingWindows Components/Windows Error ReportingWerDisable_2ErrorReporting.admx
    ErrorReporting/DisplayErrorNotificationDisplay Error NotificationWindows Components/Windows Error ReportingPCH_ShowUIErrorReporting.admx
    ErrorReporting/DoNotSendAdditionalDataDo not send additional dataWindows Components/Windows Error ReportingWerNoSecondLevelData_2ErrorReporting.admx
    ErrorReporting/PreventCriticalErrorDisplayPrevent display of the user interface for critical errorsWindows Components/Windows Error ReportingWerDoNotShowUIErrorReporting.admx
    EventLogService/ControlEventLogBehaviorControl Event Log behavior when the log file reaches its maximum sizeWindows Components/Event Log Service/ApplicationChannel_Log_Retention_1eventlog.admx
    EventLogService/SpecifyMaximumFileSizeApplicationLogSpecify the maximum log file size (KB)Windows Components/Event Log Service/ApplicationChannel_LogMaxSize_1eventlog.admx
    EventLogService/SpecifyMaximumFileSizeSecurityLogSpecify the maximum log file size (KB)Windows Components/Event Log Service/SecurityChannel_LogMaxSize_2eventlog.admx
    EventLogService/SpecifyMaximumFileSizeSystemLogSpecify the maximum log file size (KB)Windows Components/Event Log Service/SystemChannel_LogMaxSize_4eventlog.admx
    InternetExplorer/AddSearchProviderAdd a specific list of search providers to the user's list of search providersWindows Components/Internet ExplorerAddSearchProviderinetres.admx
    InternetExplorer/AllowActiveXFilteringTurn on ActiveX FilteringWindows Components/Internet ExplorerTurnOnActiveXFilteringinetres.admx
    InternetExplorer/AllowAddOnListAdd-on ListWindows Components/Internet Explorer/Security Features/Add-on ManagementAddonManagement_AddOnListinetres.admx
    InternetExplorer/AllowEnhancedProtectedModeTurn on Enhanced Protected ModeWindows Components/Internet Explorer/Internet Control Panel/Advanced PageAdvanced_EnableEnhancedProtectedModeinetres.admx
    InternetExplorer/AllowEnterpriseModeFromToolsMenuLet users turn on and use Enterprise Mode from the Tools menuWindows Components/Internet ExplorerEnterpriseModeEnableinetres.admx
    InternetExplorer/AllowEnterpriseModeSiteListUse the Enterprise Mode IE website listWindows Components/Internet ExplorerEnterpriseModeSiteListinetres.admx
    InternetExplorer/AllowInternetExplorer7PolicyList Use Policy List of Internet Explorer 7 sitesCompatView_UsePolicyListinetres.admx
    InternetExplorer/AllowInternetExplorerStandardsModeTurn on Internet Explorer Standards Mode for local intranetWindows Components/Internet Explorer/Compatibility ViewCompatView_IntranetSitesinetres.admx
    InternetExplorer/AllowInternetZoneTemplateInternet Zone TemplateWindows Components/Internet Explorer/Internet Control Panel/Security PageIZ_PolicyInternetZoneTemplateinetres.admx
    InternetExplorer/AllowIntranetZoneTemplateIntranet Zone TemplateWindows Components/Internet Explorer/Internet Control Panel/Security PageIZ_PolicyIntranetZoneTemplateinetres.admx
    InternetExplorer/AllowLocalMachineZoneTemplateLocal Machine Zone TemplateWindows Components/Internet Explorer/Internet Control Panel/Security PageIZ_PolicyLocalMachineZoneTemplateinetres.admx
    InternetExplorer/AllowLockedDownInternetZoneTemplateLocked-Down Internet Zone TemplateWindows Components/Internet Explorer/Internet Control Panel/Security PageIZ_PolicyInternetZoneLockdownTemplateinetres.admx
    InternetExplorer/AllowLockedDownIntranetZoneTemplateLocked-Down Intranet Zone TemplateWindows Components/Internet Explorer/Internet Control Panel/Security PageIZ_PolicyIntranetZoneLockdownTemplateinetres.admx
    InternetExplorer/AllowLockedDownLocalMachineZoneTemplateLocked-Down Local Machine Zone TemplateWindows Components/Internet Explorer/Internet Control Panel/Security PageIZ_PolicyLocalMachineZoneLockdownTemplateinetres.admx
    InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplateLocked-Down Restricted Sites Zone TemplateWindows Components/Internet Explorer/Internet Control Panel/Security PageIZ_PolicyRestrictedSitesZoneLockdownTemplateinetres.admx
    InternetExplorer/AllowOneWordEntryGo to an intranet site for a one-word entry in the Address barWindows Components/Internet Explorer/Internet Settings/Advanced settings/BrowsingUseIntranetSiteForOneWordEntryinetres.admx
    InternetExplorer/AllowSiteToZoneAssignmentListSite to Zone Assignment ListWindows Components/Internet Explorer/Internet Control Panel/Security PageIZ_Zonemapsinetres.admx
    InternetExplorer/AllowSuggestedSitesTurn on Suggested SitesWindows Components/Internet ExplorerEnableSuggestedSitesinetres.admx
    InternetExplorer/AllowTrustedSitesZoneTemplateTrusted Sites Zone TemplateWindows Components/Internet Explorer/Internet Control Panel/Security PageIZ_PolicyTrustedSitesZoneTemplateinetres.admx
    InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplateLocked-Down Trusted Sites Zone TemplateIZ_PolicyTrustedSitesZoneLockdownTemplateinetres.admx
    InternetExplorer/AllowsRestrictedSitesZoneTemplateRestricted Sites Zone TemplateWindows Components/Internet Explorer/Internet Control Panel/Security PageIZ_PolicyRestrictedSitesZoneTemplateinetres.admx
    InternetExplorer/DisableAdobeFlashTurn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objectsWindows Components/Internet Explorer/Security Features/Add-on ManagementDisableFlashInIEinetres.admx
    InternetExplorer/DisableBypassOfSmartScreenWarnings   inetres.admx
    InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles   inetres.admx
    InternetExplorer/DisableCustomerExperienceImprovementProgramParticipationPrevent participation in the Customer Experience Improvement ProgramWindows Components/Internet ExplorerSQM_DisableCEIPinetres.admx
    InternetExplorer/DisableEnclosureDownloadingPrevent downloading of enclosuresWindows Components/RSS FeedsDisable_Downloading_of_Enclosuresinetres.admx
    InternetExplorer/DisableEncryptionSupportTurn off encryption supportWindows Components/Internet Explorer/Internet Control Panel/Advanced PageAdvanced_SetWinInetProtocolsinetres.admx
    InternetExplorer/DisableFirstRunWizardPrevent running First Run wizardWindows Components/Internet ExplorerNoFirstRunCustomiseinetres.admx
    InternetExplorer/DisableFlipAheadFeatureTurn off the flip ahead with page prediction featureWindows Components/Internet Explorer/Internet Control Panel/Advanced PageAdvanced_DisableFlipAheadinetres.admx
    InternetExplorer/DisableHomePageChangeDisable changing home page settingsWindows Components/Internet ExplorerRestrictHomePageinetres.admx
    InternetExplorer/DisableProxyChange   inetres.admx
    InternetExplorer/DisableSearchProviderChangePrevent changing the default search providerWindows Components/Internet ExplorerNoSearchProviderinetres.admx
    InternetExplorer/DisableSecondaryHomePageChangeDisable changing secondary home page settingsWindows Components/Internet ExplorerSecondaryHomePagesinetres.admx
    InternetExplorer/DisableUpdateCheck   inetres.admx
    InternetExplorer/DoNotAllowUsersToAddSites   inetres.admx
    InternetExplorer/DoNotAllowUsersToChangePolicies   inetres.admx
    InternetExplorer/DoNotBlockOutdatedActiveXControlsTurn off blocking of outdated ActiveX controls for Internet ExplorerWindows Components/Internet Explorer/Security Features/Add-on ManagementVerMgmtDisableinetres.admx
    InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomainsTurn off blocking of outdated ActiveX controls for Internet Explorer on specific domainsWindows Components/Internet Explorer/Security Features/Add-on ManagementVerMgmtDomainAllowlistinetres.admx
    InternetExplorer/IncludeAllLocalSitesIntranet Sites: Include all local (intranet) sites not listed in other zonesWindows Components/Internet Explorer/Internet Control Panel/Security PageIZ_IncludeUnspecifiedLocalSitesinetres.admx
    InternetExplorer/IncludeAllNetworkPathsIntranet Sites: Include all network paths (UNCs)Windows Components/Internet Explorer/Internet Control Panel/Security PageIZ_UNCAsIntranetinetres.admx
    InternetExplorer/InternetZoneAllowAccessToDataSourcesAccess data sources across domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Internet ZoneIZ_PolicyAccessDataSourcesAcrossDomains_1inetres.admx
    InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControlsAutomatic prompting for ActiveX controlsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Internet ZoneIZ_PolicyNotificationBarActiveXURLaction_1inetres.admx
    InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloadsAutomatic prompting for file downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Internet ZoneIZ_PolicyNotificationBarDownloadURLaction_1inetres.admx
    InternetExplorer/InternetZoneAllowFontDownloadsAllow font downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Internet ZoneIZ_PolicyFontDownload_1inetres.admx
    InternetExplorer/InternetZoneAllowLessPrivilegedSitesWeb sites in less privileged Web content zones can navigate into this zoneWindows Components/Internet Explorer/Internet Control Panel/Security Page/Internet ZoneIZ_PolicyZoneElevationURLaction_1inetres.admx
    InternetExplorer/InternetZoneAllowNETFrameworkReliantComponentsRun .NET Framework-reliant components not signed with AuthenticodeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Internet ZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_1inetres.admx
    InternetExplorer/InternetZoneAllowScriptletsAllow scriptletsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Internet ZoneIZ_Policy_AllowScriptlets_1inetres.admx
    InternetExplorer/InternetZoneAllowSmartScreenIETurn on SmartScreen Filter scanWindows Components/Internet Explorer/Internet Control Panel/Security Page/Internet ZoneIZ_Policy_Phishing_1inetres.admx
    InternetExplorer/InternetZoneAllowUserDataPersistenceUserdata persistenceWindows Components/Internet Explorer/Internet Control Panel/Security Page/Internet ZoneIZ_PolicyUserdataPersistence_1inetres.admx
    InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsInitialize and script ActiveX controls not marked as safeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Internet ZoneIZ_PolicyScriptActiveXNotMarkedSafe_1inetres.admx
    InternetExplorer/InternetZoneNavigateWindowsAndFramesNavigate windows and frames across different domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Internet ZoneIZ_PolicyNavigateSubframesAcrossDomains_1inetres.admx
    InternetExplorer/IntranetZoneAllowAccessToDataSourcesAccess data sources across domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet ZoneIZ_PolicyAccessDataSourcesAcrossDomains_3inetres.admx
    InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControlsAutomatic prompting for ActiveX controlsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet ZoneIZ_PolicyNotificationBarActiveXURLaction_3inetres.admx
    InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloadsAutomatic prompting for file downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet ZoneIZ_PolicyNotificationBarDownloadURLaction_3inetres.admx
    InternetExplorer/IntranetZoneAllowFontDownloadsAllow font downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet ZoneIZ_PolicyFontDownload_3inetres.admx
    InternetExplorer/IntranetZoneAllowLessPrivilegedSitesWeb sites in less privileged Web content zones can navigate into this zoneWindows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet ZoneIZ_PolicyZoneElevationURLaction_3inetres.admx
    InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponentsRun .NET Framework-reliant components not signed with AuthenticodeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet ZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_3inetres.admx
    InternetExplorer/IntranetZoneAllowScriptletsAllow scriptletsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet ZoneIZ_Policy_AllowScriptlets_3inetres.admx
    InternetExplorer/IntranetZoneAllowSmartScreenIETurn on SmartScreen Filter scanWindows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet ZoneIZ_Policy_Phishing_3inetres.admx
    InternetExplorer/IntranetZoneAllowUserDataPersistenceUserdata persistenceWindows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet ZoneIZ_PolicyUserdataPersistence_3inetres.admx
    InternetExplorer/IntranetZoneInitializeAndScriptActiveXControlsInitialize and script ActiveX controls not marked as safeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet ZoneIZ_PolicyScriptActiveXNotMarkedSafe_3inetres.admx
    InternetExplorer/IntranetZoneNavigateWindowsAndFramesNavigate windows and frames across different domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet ZoneIZ_PolicyNavigateSubframesAcrossDomains_3inetres.admx
    InternetExplorer/LocalMachineZoneAllowAccessToDataSourcesAccess data sources across domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine ZoneIZ_PolicyAccessDataSourcesAcrossDomains_9inetres.admx
    InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControlsAutomatic prompting for ActiveX controlsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine ZoneIZ_PolicyNotificationBarActiveXURLaction_9inetres.admx
    InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloadsAutomatic prompting for file downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine ZoneIZ_PolicyNotificationBarDownloadURLaction_9inetres.admx
    InternetExplorer/LocalMachineZoneAllowFontDownloadsAllow font downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine ZoneIZ_PolicyFontDownload_9inetres.admx
    InternetExplorer/LocalMachineZoneAllowLessPrivilegedSitesWeb sites in less privileged Web content zones can navigate into this zoneWindows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine ZoneIZ_PolicyZoneElevationURLaction_9inetres.admx
    InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponentsRun .NET Framework-reliant components not signed with AuthenticodeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine ZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_9inetres.admx
    InternetExplorer/LocalMachineZoneAllowScriptletsAllow scriptletsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine ZoneIZ_Policy_AllowScriptlets_9inetres.admx
    InternetExplorer/LocalMachineZoneAllowSmartScreenIETurn on SmartScreen Filter scanWindows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine ZoneIZ_Policy_Phishing_9inetres.admx
    InternetExplorer/LocalMachineZoneAllowUserDataPersistenceUserdata persistenceWindows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine ZoneIZ_PolicyUserdataPersistence_9inetres.admx
    InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControlsInitialize and script ActiveX controls not marked as safeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine ZoneIZ_PolicyScriptActiveXNotMarkedSafe_9inetres.admx
    InternetExplorer/LocalMachineZoneNavigateWindowsAndFramesNavigate windows and frames across different domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine ZoneIZ_PolicyNavigateSubframesAcrossDomains_9inetres.admx
    InternetExplorer/LockedDownInternetZoneAllowAccessToDataSourcesAccess data sources across domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet ZoneIZ_PolicyAccessDataSourcesAcrossDomains_2inetres.admx
    InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControlsAutomatic prompting for ActiveX controlsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet ZoneIZ_PolicyNotificationBarActiveXURLaction_2inetres.admx
    InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloadsAutomatic prompting for file downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet ZoneIZ_PolicyNotificationBarDownloadURLaction_2inetres.admx
    InternetExplorer/LockedDownInternetZoneAllowFontDownloadsAllow font downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet ZoneIZ_PolicyFontDownload_2inetres.admx
    InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSitesWeb sites in less privileged Web content zones can navigate into this zoneWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet ZoneIZ_PolicyZoneElevationURLaction_2inetres.admx
    InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponentsRun .NET Framework-reliant components not signed with AuthenticodeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet ZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_2inetres.admx
    InternetExplorer/LockedDownInternetZoneAllowScriptletsAllow scriptletsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet ZoneIZ_Policy_AllowScriptlets_2inetres.admx
    InternetExplorer/LockedDownInternetZoneAllowSmartScreenIETurn on SmartScreen Filter scanWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet ZoneIZ_Policy_Phishing_2inetres.admx
    InternetExplorer/LockedDownInternetZoneAllowUserDataPersistenceUserdata persistenceWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet ZoneIZ_PolicyUserdataPersistence_2inetres.admx
    InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControlsInitialize and script ActiveX controls not marked as safeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet ZoneIZ_PolicyScriptActiveXNotMarkedSafe_2inetres.admx
    InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFramesNavigate windows and frames across different domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet ZoneIZ_PolicyNavigateSubframesAcrossDomains_2inetres.admx
    InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSourcesAccess data sources across domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet ZoneIZ_PolicyAccessDataSourcesAcrossDomains_4inetres.admx
    InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControlsAutomatic prompting for ActiveX controlsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet ZoneIZ_PolicyNotificationBarActiveXURLaction_4inetres.admx
    InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloadsAutomatic prompting for file downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet ZoneIZ_PolicyNotificationBarDownloadURLaction_4inetres.admx
    InternetExplorer/LockedDownIntranetZoneAllowFontDownloadsAllow font downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet ZoneIZ_PolicyFontDownload_4inetres.admx
    InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSitesWeb sites in less privileged Web content zones can navigate into this zoneWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet ZoneIZ_PolicyZoneElevationURLaction_4inetres.admx
    InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponentsRun .NET Framework-reliant components not signed with AuthenticodeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet ZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_4inetres.admx
    InternetExplorer/LockedDownIntranetZoneAllowScriptletsAllow scriptletsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet ZoneIZ_Policy_AllowScriptlets_4inetres.admx
    InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIETurn on SmartScreen Filter scanWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet ZoneIZ_Policy_Phishing_4inetres.admx
    InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistenceUserdata persistenceWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet ZoneIZ_PolicyUserdataPersistence_4inetres.admx
    InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControlsInitialize and script ActiveX controls not marked as safeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet ZoneIZ_PolicyScriptActiveXNotMarkedSafe_4inetres.admx
    InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFramesNavigate windows and frames across different domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet ZoneIZ_PolicyNavigateSubframesAcrossDomains_4inetres.admx
    InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSourcesAccess data sources across domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine ZoneIZ_PolicyAccessDataSourcesAcrossDomains_10inetres.admx
    InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControlsAutomatic prompting for ActiveX controlsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine ZoneIZ_PolicyNotificationBarActiveXURLaction_10inetres.admx
    InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloadsAutomatic prompting for file downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine ZoneIZ_PolicyNotificationBarDownloadURLaction_10inetres.admx
    InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloadsAllow font downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine ZoneIZ_PolicyFontDownload_10inetres.admx
    InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSitesWeb sites in less privileged Web content zones can navigate into this zoneWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine ZoneIZ_PolicyZoneElevationURLaction_10inetres.admx
    InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponentsRun .NET Framework-reliant components not signed with AuthenticodeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine ZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_10inetres.admx
    InternetExplorer/LockedDownLocalMachineZoneAllowScriptletsAllow scriptletsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine ZoneIZ_Policy_AllowScriptlets_10inetres.admx
    InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIETurn on SmartScreen Filter scanWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine ZoneIZ_Policy_Phishing_10inetres.admx
    InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistenceUserdata persistenceWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine ZoneIZ_PolicyUserdataPersistence_10inetres.admx
    InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControlsInitialize and script ActiveX controls not marked as safeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine ZoneIZ_PolicyScriptActiveXNotMarkedSafe_10inetres.admx
    InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFramesNavigate windows and frames across different domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine ZoneIZ_PolicyNavigateSubframesAcrossDomains_10inetres.admx
    InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSourcesAccess data sources across domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites ZoneIZ_PolicyAccessDataSourcesAcrossDomains_8inetres.admx
    InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControlsAutomatic prompting for ActiveX controlsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites ZoneIZ_PolicyNotificationBarActiveXURLaction_8inetres.admx
    InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloadsAutomatic prompting for file downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites ZoneIZ_PolicyNotificationBarDownloadURLaction_8inetres.admx
    InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloadsAllow font downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites ZoneIZ_PolicyFontDownload_8inetres.admx
    InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSitesWeb sites in less privileged Web content zones can navigate into this zoneWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites ZoneIZ_PolicyZoneElevationURLaction_8inetres.admx
    InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponentsRun .NET Framework-reliant components not signed with AuthenticodeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites ZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_8inetres.admx
    InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptletsAllow scriptletsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites ZoneIZ_Policy_AllowScriptlets_8inetres.admx
    InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIETurn on SmartScreen Filter scanWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites ZoneIZ_Policy_Phishing_8inetres.admx
    InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistenceUserdata persistenceWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites ZoneIZ_PolicyUserdataPersistence_8inetres.admx
    InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControlsInitialize and script ActiveX controls not marked as safeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites ZoneIZ_PolicyScriptActiveXNotMarkedSafe_8inetres.admx
    InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFramesNavigate windows and frames across different domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites ZoneIZ_PolicyNavigateSubframesAcrossDomains_8inetres.admx
    InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSourcesAccess data sources across domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites ZoneIZ_PolicyAccessDataSourcesAcrossDomains_6inetres.admx
    InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControlsAutomatic prompting for ActiveX controlsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites ZoneIZ_PolicyNotificationBarActiveXURLaction_6inetres.admx
    InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloadsAutomatic prompting for file downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites ZoneIZ_PolicyNotificationBarDownloadURLaction_6inetres.admx
    InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloadsAllow font downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites ZoneIZ_PolicyFontDownload_6inetres.admx
    InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSitesWeb sites in less privileged Web content zones can navigate into this zoneWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites ZoneIZ_PolicyZoneElevationURLaction_6inetres.admx
    InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponentsRun .NET Framework-reliant components not signed with AuthenticodeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites ZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_6inetres.admx
    InternetExplorer/LockedDownTrustedSitesZoneAllowScriptletsAllow scriptletsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites ZoneIZ_Policy_AllowScriptlets_6inetres.admx
    InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIETurn on SmartScreen Filter scanWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites ZoneIZ_Policy_Phishing_6inetres.admx
    InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistenceUserdata persistenceWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites ZoneIZ_PolicyUserdataPersistence_6inetres.admx
    InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControlsInitialize and script ActiveX controls not marked as safeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites ZoneIZ_PolicyScriptActiveXNotMarkedSafe_6inetres.admx
    InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFramesNavigate windows and frames across different domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites ZoneIZ_PolicyNavigateSubframesAcrossDomains_6inetres.admx
    InternetExplorer/RestrictedSitesZoneAllowAccessToDataSourcesAccess data sources across domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites ZoneIZ_PolicyAccessDataSourcesAcrossDomains_7inetres.admx
    InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControlsAutomatic prompting for ActiveX controlsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites ZoneIZ_PolicyNotificationBarActiveXURLaction_7inetres.admx
    InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloadsAutomatic prompting for file downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites ZoneIZ_PolicyNotificationBarDownloadURLaction_7inetres.admx
    InternetExplorer/RestrictedSitesZoneAllowFontDownloadsAllow font downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites ZoneIZ_PolicyFontDownload_7inetres.admx
    InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSitesWeb sites in less privileged Web content zones can navigate into this zoneWindows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites ZoneIZ_PolicyZoneElevationURLaction_7inetres.admx
    InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponentsRun .NET Framework-reliant components not signed with AuthenticodeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites ZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_7inetres.admx
    InternetExplorer/RestrictedSitesZoneAllowScriptletsAllow scriptletsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites ZoneIZ_Policy_AllowScriptlets_7inetres.admx
    InternetExplorer/RestrictedSitesZoneAllowSmartScreenIETurn on SmartScreen Filter scanWindows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites ZoneIZ_Policy_Phishing_7inetres.admx
    InternetExplorer/RestrictedSitesZoneAllowUserDataPersistenceUserdata persistenceWindows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites ZoneIZ_PolicyUserdataPersistence_7inetres.admx
    InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControlsInitialize and script ActiveX controls not marked as safeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites ZoneIZ_PolicyScriptActiveXNotMarkedSafe_7inetres.admx
    InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesNavigate windows and frames across different domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites ZoneIZ_PolicyNavigateSubframesAcrossDomains_7inetres.admx
    InternetExplorer/SearchProviderListRestrict search providers to a specific listWindows Components/Internet ExplorerSpecificSearchProviderinetres.admx
    InternetExplorer/TrustedSitesZoneAllowAccessToDataSourcesAccess data sources across domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites ZoneIZ_PolicyAccessDataSourcesAcrossDomains_5inetres.admx
    InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControlsAutomatic prompting for ActiveX controlsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites ZoneIZ_PolicyNotificationBarActiveXURLaction_5inetres.admx
    InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloadsAutomatic prompting for file downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites ZoneIZ_PolicyNotificationBarDownloadURLaction_5inetres.admx
    InternetExplorer/TrustedSitesZoneAllowFontDownloadsAllow font downloadsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites ZoneIZ_PolicyFontDownload_5inetres.admx
    InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSitesWeb sites in less privileged Web content zones can navigate into this zoneWindows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites ZoneIZ_PolicyZoneElevationURLaction_5inetres.admx
    InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponentsRun .NET Framework-reliant components not signed with AuthenticodeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites ZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_5inetres.admx
    InternetExplorer/TrustedSitesZoneAllowScriptletsAllow scriptletsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites ZoneIZ_Policy_AllowScriptlets_5inetres.admx
    InternetExplorer/TrustedSitesZoneAllowSmartScreenIETurn on SmartScreen Filter scanWindows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites ZoneIZ_Policy_Phishing_5inetres.admx
    InternetExplorer/TrustedSitesZoneAllowUserDataPersistenceUserdata persistenceWindows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites ZoneIZ_PolicyUserdataPersistence_5inetres.admx
    InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsInitialize and script ActiveX controls not marked as safeWindows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites ZoneIZ_PolicyScriptActiveXNotMarkedSafe_5inetres.admx
    InternetExplorer/TrustedSitesZoneNavigateWindowsAndFramesNavigate windows and frames across different domainsWindows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites ZoneIZ_PolicyNavigateSubframesAcrossDomains_5inetres.admx
    Kerberos/AllowForestSearchOrder ForestSearchKerberos.admx
    Kerberos/KerberosClientSupportsClaimsCompoundArmorKerberos client support for claims, compound authentication and Kerberos armoringSystem/KerberosEnableCbacAndArmorKerberos.admx
    Kerberos/RequireKerberosArmoringFail authentication requests when Kerberos armoring is not availableSystem/KerberosClientRequireFastKerberos.admx
    Kerberos/RequireStrictKDCValidationRequire strict KDC validationSystem/KerberosValidateKDCKerberos.admx
    Kerberos/SetMaximumContextTokenSizeSet maximum Kerberos SSPI context token buffer sizeSystem/KerberosMaxTokenSizeKerberos.admx
    Power/AllowStandbyWhenSleepingPluggedInAllow standby states (S1-S3) when sleeping (plugged in)System/Power Management/Sleep SettingsAllowStandbyStatesAC_2power.admx
    Power/RequirePasswordWhenComputerWakesOnBatteryRequire a password when a computer wakes (on battery)System/Power Management/Sleep SettingsDCPromptForPasswordOnResume_2power.admx
    Power/RequirePasswordWhenComputerWakesPluggedInRequire a password when a computer wakes (plugged in)System/Power Management/Sleep SettingsACPromptForPasswordOnResume_2power.admx
    Printers/PointAndPrintRestrictionsPoint and Print RestrictionsPrintersPointAndPrint_Restrictions_Win7Printing.admx
    Printers/PointAndPrintRestrictions_UserPoint and Print RestrictionsPointAndPrint_RestrictionsPrinting.admx
    Printers/PublishPrintersAllow printers to be publishedPrintersPublishPrintersPrinting2.admx
    RemoteAssistance/CustomizeWarningMessagesCustomize warning messagesSystem/Remote AssistanceRA_Optionsremoteassistance.admx
    RemoteAssistance/SessionLoggingTurn on session loggingSystem/Remote AssistanceRA_Loggingremoteassistance.admx
    RemoteAssistance/SolicitedRemoteAssistanceConfigure Solicited Remote AssistanceSystem/Remote AssistanceRA_Solicitremoteassistance.admx
    RemoteAssistance/UnsolicitedRemoteAssistanceConfigure Offer Remote AssistanceRA_Unsolicitremoteassistance.admx
    RemoteDesktopServices/AllowUsersToConnectRemotelyAllow users to connect remotely by using Remote Desktop ServicesWindows Components/Remote Desktop Services/Remote Desktop Session Host/ConnectionsTS_DISABLE_CONNECTIONSterminalserver.admx
    RemoteDesktopServices/ClientConnectionEncryptionLevelSet client connection encryption levelWindows Components/Remote Desktop Services/Remote Desktop Session Host/SecurityTS_ENCRYPTION_POLICYterminalserver.admx
    RemoteDesktopServices/DoNotAllowDriveRedirectionDo not allow drive redirectionWindows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource RedirectionTS_CLIENT_DRIVE_Mterminalserver.admx
    RemoteDesktopServices/DoNotAllowPasswordSavingDo not allow passwords to be savedWindows Components/Remote Desktop Services/Remote Desktop Connection ClientTS_CLIENT_DISABLE_PASSWORD_SAVING_2terminalserver.admx
    RemoteDesktopServices/PromptForPasswordUponConnectionAlways prompt for password upon connectionWindows Components/Remote Desktop Services/Remote Desktop Session Host/SecurityTS_PASSWORDterminalserver.admx
    RemoteDesktopServices/RequireSecureRPCCommunicationRequire secure RPC communicationWindows Components/Remote Desktop Services/Remote Desktop Session Host/SecurityTS_RPC_ENCRYPTIONterminalserver.admx
    RemoteProcedureCall/RPCEndpointMapperClientAuthenticationEnable RPC Endpoint Mapper Client AuthenticationSystem/Remote Procedure CallRpcEnableAuthEpResolutionrpc.admx
    RemoteProcedureCall/RestrictUnauthenticatedRPCClientsRestrict Unauthenticated RPC clientsSystem/Remote Procedure CallRpcRestrictRemoteClientsrpc.admx
    Storage/EnhancedStorageDevicesDo not allow Windows to activate Enhanced Storage devicesSystem/Enhanced Storage AccessTCGSecurityActivationDisabledenhancedstorage.admx
    System/BootStartDriverInitializationBoot-Start Driver Initialization PolicySystem/Early Launch AntimalwarePOL_DriverLoadPolicy_Nameearlylauncham.admx
    System/DisableSystemRestoreTurn off System RestoreSystem/System RestoreSR_DisableSRsystemrestore.admx
    WindowsLogon/DisableLockScreenAppNotificationsTurn off app notifications on the lock screenSystem/LogonDisableLockScreenAppNotificationslogon.admx
    WindowsLogon/DontDisplayNetworkSelectionUIDo not display network selection UISystem/LogonDontDisplayNetworkSelectionUIlogon.admx
    - - -## List of <AreaName>/<PolicyName> - - -**ActiveXControls/ApprovedInstallationSites** - -

    This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL.

    - -

    If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. - -If you disable or do not configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation.

    - -

    Note: Wild card characters cannot be used when specifying the host URLs. -

    - -**AppVirtualization/AllowAppVClient** - -

    This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect.

    - -**AppVirtualization/AllowDynamicVirtualization** - -

    Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.

    - -**AppVirtualization/AllowPackageCleanup** - -

    N/A

    - -**AppVirtualization/AllowPackageScripts** - -

    Enables scripts defined in the package manifest of configuration files that should run.

    - -**AppVirtualization/AllowPublishingRefreshUX** - -

    Enables a UX to display to the user when a publishing refresh is performed on the client.

    - -**AppVirtualization/AllowReportingServer** - -

    Reporting Server URL: Displays the URL of reporting server.

    - -

    Reporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, e.g. 9AM. - - Delay reporting for the random minutes: The maximum minutes of random delay on top of the reporting time. For a busy system, the random delay will help reduce the server load. - - Repeat reporting for every (days): The periodical interval in days for sending the reporting data. - - Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The default value is 20 MB. The size applies to the cache in memory. When the limit is reached, the log file will roll over. When a new record is to be added (bottom of the list), one or more of the oldest records (top of the list) will be deleted to make room. A warning will be logged to the Client log and the event log the first time this occurs, and will not be logged again until after the cache has been successfully cleared on transmission and the log has filled up again.

    - -

    Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections. -

    - -**AppVirtualization/AllowRoamingFileExclusions** - -

    Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.

    - -**AppVirtualization/AllowRoamingRegistryExclusions** - -

    Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.

    - -**AppVirtualization/AllowStreamingAutoload** - -

    Specifies how new packages should be loaded automatically by App-V on a specific computer.

    - -**AppVirtualization/ClientCoexistenceAllowMigrationmode** - -

    Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V.

    - -**AppVirtualization/IntegrationAllowRootGlobal** - -

    Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.

    - -**AppVirtualization/IntegrationAllowRootUser** - -

    Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.

    - -**AppVirtualization/PublishingAllowServer1** - -

    Publishing Server Display Name: Displays the name of publishing server. - - Publishing Server URL: Displays the URL of publishing server. - - Global Publishing Refresh: Enables global publishing refresh (Boolean). - - Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean). - - Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. - - Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - - User Publishing Refresh: Enables user publishing refresh (Boolean). - - User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean). - - User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. - - User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). -

    - -**AppVirtualization/PublishingAllowServer2** - -

    Publishing Server Display Name: Displays the name of publishing server. - - Publishing Server URL: Displays the URL of publishing server. - - Global Publishing Refresh: Enables global publishing refresh (Boolean). - - Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean). - - Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. - - Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - - User Publishing Refresh: Enables user publishing refresh (Boolean). - - User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean). - - User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. - - User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). -

    - -**AppVirtualization/PublishingAllowServer3** - -

    Publishing Server Display Name: Displays the name of publishing server. - - Publishing Server URL: Displays the URL of publishing server. - - Global Publishing Refresh: Enables global publishing refresh (Boolean). - - Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean). - - Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. - - Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - - User Publishing Refresh: Enables user publishing refresh (Boolean). - - User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean). - - User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. - - User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). -

    - -**AppVirtualization/PublishingAllowServer4** - -

    Publishing Server Display Name: Displays the name of publishing server. - - Publishing Server URL: Displays the URL of publishing server. - - Global Publishing Refresh: Enables global publishing refresh (Boolean). - - Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean). - - Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. - - Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - - User Publishing Refresh: Enables user publishing refresh (Boolean). - - User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean). - - User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. - - User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). -

    - -**AppVirtualization/PublishingAllowServer5** - -

    Publishing Server Display Name: Displays the name of publishing server. - - Publishing Server URL: Displays the URL of publishing server. - - Global Publishing Refresh: Enables global publishing refresh (Boolean). - - Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean). - - Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. - - Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - - User Publishing Refresh: Enables user publishing refresh (Boolean). - - User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean). - - User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. - - User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). -

    - -**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** - -

    Specifies the path to a valid certificate in the certificate store.

    - -**AppVirtualization/StreamingAllowHighCostLaunch** - -

    This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G).

    - -**AppVirtualization/StreamingAllowLocationProvider** - -

    Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.

    - -**AppVirtualization/StreamingAllowPackageInstallationRoot** - -

    Specifies directory where all new applications and updates will be installed.

    - -**AppVirtualization/StreamingAllowPackageSourceRoot** - -

    Overrides source location for downloading package content.

    - -**AppVirtualization/StreamingAllowReestablishmentInterval** - -

    Specifies the number of seconds between attempts to reestablish a dropped session.

    - -**AppVirtualization/StreamingAllowReestablishmentRetries** - -

    Specifies the number of times to retry a dropped session.

    - -**AppVirtualization/StreamingSharedContentStoreMode** - -

    Specifies that streamed package contents will be not be saved to the local hard disk.

    - -**AppVirtualization/StreamingSupportBranchCache** - -

    If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache

    - -**AppVirtualization/StreamingVerifyCertificateRevocationList** - -

    Verifies Server certificate revocation status before streaming using HTTPS.

    - -**AppVirtualization/VirtualComponentsAllowList** - -

    Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components.

    - -**AttachmentManager/DoNotPreserveZoneInformation** - -

    This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments.

    - -

    If you enable this policy setting, Windows does not mark file attachments with their zone information.

    - -

    If you disable this policy setting, Windows marks file attachments with their zone information.

    - -

    If you do not configure this policy setting, Windows marks file attachments with their zone information.

    - -**AttachmentManager/HideZoneInfoMechanism** - -

    This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.

    - -

    If you enable this policy setting, Windows hides the check box and Unblock button.

    - -

    If you disable this policy setting, Windows shows the check box and Unblock button.

    - -

    If you do not configure this policy setting, Windows hides the check box and Unblock button.

    - -**AttachmentManager/NotifyAntivirusPrograms** - -

    This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant.

    - -

    If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.

    - -

    If you disable this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.

    - -

    If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.

    - -**Autoplay/DisallowAutoplayForNonVolumeDevices** - -

    This policy setting disallows AutoPlay for MTP devices like cameras or phones.

    - -

    If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones.

    - -

    If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices.

    - -**Autoplay/SetDefaultAutoRunBehavior** - -

    This policy setting sets the default behavior for Autorun commands.

    - -

    Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines.

    - -

    Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program without user intervention.

    - -

    This creates a major security concern as code may be executed without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog.

    - -

    If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to:

    - -

    a) Completely disable autorun commands, or - b) Revert back to pre-Windows Vista behavior of automatically executing the autorun command.

    - -

    If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run.

    - -**Autoplay/TurnOffAutoPlay** - -

    This policy setting allows you to turn off the Autoplay feature.

    - -

    Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately.

    - -

    Prior to Windows XP SP2, Autoplay is disabled by default on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives.

    - -

    Starting with Windows XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices.

    - -

    If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives.

    - -

    This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default.

    - -

    If you disable or do not configure this policy setting, AutoPlay is enabled.

    - -

    Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.

    - -**Connectivity/HardenedUNCPaths** - -

    This policy setting configures secure access to UNC paths.

    - -

    If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. -

    - -**CredentialProviders/AllowPINLogon** - -

    This policy setting allows you to control whether a domain user can sign in using a convenience PIN. In Windows 10, convenience PIN was replaced with Windows Hello PIN, which has stronger security properties. To configure Windows Hello for Business, use the policies under Computer configuration\Administrative Templates\Windows Components\Windows Hello for Business.

    - -

    If you enable this policy setting, a domain user can set up and sign in with a convenience PIN.

    - -

    If you disable or don't configure this policy setting, a domain user can't set up and use a convenience PIN.

    - -

    Note that the user's domain password will be cached in the system vault when using this feature.

    - -**CredentialProviders/BlockPicturePassword** - -

    This policy setting allows you to control whether a domain user can sign in using a picture password.

    - -

    If you enable this policy setting, a domain user can't set up or sign in with a picture password.

    - -

    If you disable or don't configure this policy setting, a domain user can set up and use a picture password.

    - -

    Note that the user's domain password will be cached in the system vault when using this feature.

    - -**CredentialsUI/DisablePasswordReveal** - -

    This policy setting allows you to configure the display of the password reveal button in password entry user experiences.

    - -

    If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box.

    - -

    If you disable or do not configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box.

    - -

    By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button.

    - -

    The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.

    - -**CredentialsUI/EnumerateAdministrators** - -

    This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application.

    - -

    If you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password.

    - -

    If you disable this policy setting, users will always be required to type a user name and password to elevate.

    - -**DataUsage/SetCost3G** - -

    This policy setting configures the cost of 3G connections on the local machine.

    - -

    If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 3G connections on the local machine:

    - -

    - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.

    - -

    - Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.

    - -

    - Variable: This connection is costed on a per byte basis.

    - -

    If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default. -

    - -**DataUsage/SetCost4G** - -

    This policy setting configures the cost of 4G connections on the local machine.

    - -

    If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine:

    - -

    - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.

    - -

    - Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.

    - -

    - Variable: This connection is costed on a per byte basis.

    - -

    If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default. -

    - -**DeviceInstallation/PreventInstallationOfMatchingDeviceIDs** - -

    This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.

    - -

    If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.

    - -

    If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.

    - -**DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses** - -

    This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. - -If you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.

    - -

    If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.

    - -**ErrorReporting/CustomizeConsentSettings** - -

    This policy setting determines the consent behavior of Windows Error Reporting for specific event types.

    - -

    If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.

    - -

    - 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type.

    - -

    - 1 (Always ask before sending data): Windows prompts the user for consent to send reports.

    - -

    - 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft.

    - -

    - 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft.

    - -

    - 4 (Send all data): Any data requested by Microsoft is sent automatically.

    - -

    If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.

    - -**ErrorReporting/DisableWindowsErrorReporting** - -

    This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.

    - -

    If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel.

    - -

    If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.

    - -**ErrorReporting/DisplayErrorNotification** - -

    This policy setting controls whether users are shown an error dialog box that lets them report an error.

    - -

    If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error.

    - -

    If you disable this policy setting, users are not notified that errors have occurred. If the Configure Error Reporting policy setting is also enabled, errors are reported, but users receive no notification. Disabling this policy setting is useful for servers that do not have interactive users.

    - -

    If you do not configure this policy setting, users can change this setting in Control Panel, which is set to enable notification by default on computers that are running Windows XP Personal Edition and Windows XP Professional Edition, and disable notification by default on computers that are running Windows Server.

    - -

    See also the Configure Error Reporting policy setting.

    - -**ErrorReporting/DoNotSendAdditionalData** - -

    This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.

    - -

    If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.

    - -

    If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.

    - -**ErrorReporting/PreventCriticalErrorDisplay** - -

    This policy setting prevents the display of the user interface for critical errors.

    - -

    If you enable this policy setting, Windows Error Reporting does not display any GUI-based error messages or dialog boxes for critical errors.

    - -

    If you disable or do not configure this policy setting, Windows Error Reporting displays the user interface for critical errors.

    - -**EventLogService/ControlEventLogBehavior** - -

    This policy setting controls Event Log behavior when the log file reaches its maximum size.

    - -

    If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.

    - -

    If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.

    - -

    Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.

    - -**EventLogService/SpecifyMaximumFileSizeApplicationLog** - -

    This policy setting specifies the maximum size of the log file in kilobytes.

    - -

    If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.

    - -

    If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.

    - -**EventLogService/SpecifyMaximumFileSizeSecurityLog** - -

    This policy setting specifies the maximum size of the log file in kilobytes.

    - -

    If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.

    - -

    If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.

    - -**EventLogService/SpecifyMaximumFileSizeSystemLog** - -

    This policy setting specifies the maximum size of the log file in kilobytes.

    - -

    If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.

    - -

    If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.

    - -**InternetExplorer/AddSearchProvider** - -

    This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website.

    - -

    If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.

    - -

    If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration.

    - -**InternetExplorer/AllowActiveXFiltering** - -

    This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.

    - -

    If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions.

    - -

    If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.

    - -**InternetExplorer/AllowAddOnList** - -

    This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages.

    - -

    This list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons not listed here are assumed to be denied.

    - -

    If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information:

    - -

    Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, {000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.

    - -

    Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field.

    - -

    If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.

    - -**InternetExplorer/AllowEnhancedProtectedMode** - -

    Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system.

    - -

    If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode.

    - -

    If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista.

    - -

    If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog.

    - -**InternetExplorer/AllowEnterpriseModeFromToolsMenu** - -

    This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu.

    - -

    If you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports.

    - -

    If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode.

    - -**InternetExplorer/AllowEnterpriseModeSiteList** - -

    This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Standard mode, because of compatibility issues. Users can't edit this list.

    - -

    If you enable this policy setting, Internet Explorer downloads the website list from your location (HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\Main\EnterpriseMode), opening all listed websites using Enterprise Mode IE.

    - -

    If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode.

    - -**InternetExplorer/AllowInternetExplorer7PolicyList ** - -

    This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.

    - -

    If you enable this policy setting, the user can add and remove sites from the list, but the user cannot remove the entries that you specify.

    - -

    If you disable or do not configure this policy setting, the user can add and remove sites from the list.

    - -**InternetExplorer/AllowInternetExplorerStandardsMode** - -

    This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.

    - -

    If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box.

    - -

    If you disable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. The user cannot change this behavior through the Compatibility View Settings dialog box.

    - -

    If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer.

    - -**InternetExplorer/AllowInternetZoneTemplate** - -

    This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.

    - -

    If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.

    - -

    If you disable this template policy setting, no security level is configured.

    - -

    If you do not configure this template policy setting, no security level is configured.

    - -

    Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.

    - -

    Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.

    - -**InternetExplorer/AllowIntranetZoneTemplate** - -

    This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.

    - -

    If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.

    - -

    If you disable this template policy setting, no security level is configured.

    - -

    If you do not configure this template policy setting, no security level is configured.

    - -

    Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.

    - -

    Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.

    - -**InternetExplorer/AllowLocalMachineZoneTemplate** - -

    This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.

    - -

    If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.

    - -

    If you disable this template policy setting, no security level is configured.

    - -

    If you do not configure this template policy setting, no security level is configured.

    - -

    Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.

    - -

    Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.

    - -**InternetExplorer/AllowLockedDownInternetZoneTemplate** - -

    This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.

    - -

    If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.

    - -

    If you disable this template policy setting, no security level is configured.

    - -

    If you do not configure this template policy setting, no security level is configured.

    - -

    Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.

    - -

    Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.

    - -**InternetExplorer/AllowLockedDownIntranetZoneTemplate** - -

    This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.

    - -

    If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.

    - -

    If you disable this template policy setting, no security level is configured.

    - -

    If you do not configure this template policy setting, no security level is configured.

    - -

    Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.

    - -

    Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.

    - -**InternetExplorer/AllowLockedDownLocalMachineZoneTemplate** - -

    This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.

    - -

    If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.

    - -

    If you disable this template policy setting, no security level is configured.

    - -

    If you do not configure this template policy setting, no security level is configured.

    - -

    Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.

    - -

    Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.

    - -**InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate** - -

    This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.

    - -

    If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.

    - -

    If you disable this template policy setting, no security level is configured.

    - -

    If you do not configure this template policy setting, no security level is configured.

    - -

    Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.

    - -

    Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.

    - -**InternetExplorer/AllowOneWordEntry** - -

    This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.

    - -

    If you enable this policy setting, Internet Explorer goes directly to an intranet site for a one-word entry in the Address bar, if it is available.

    - -

    If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar.

    - -**InternetExplorer/AllowSiteToZoneAssignmentList** - -

    This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.

    - -

    Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)

    - -

    If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information:

    - -

    Valuename A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also includea specificprotocol. For example, if you enter http://www.contoso.comas the valuename, other protocols are not affected.If you enter just www.contoso.com,then all protocolsare affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.

    - -

    Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.

    - -

    If you disable or do not configure this policy, users may choose their own site-to-zone assignments.

    - -**InternetExplorer/AllowSuggestedSites** - -

    This policy setting controls the Suggested Sites feature, which recommends websites based on the users browsing activity. Suggested Sites reports a users browsing history to Microsoft to suggest sites that the user might want to visit.

    - -

    If you enable this policy setting, the user is not prompted to enable Suggested Sites. The users browsing history is sent to Microsoft to produce suggestions.

    - -

    If you disable this policy setting, the entry points and functionality associated with this feature are turned off.

    - -

    If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature.

    - -**InternetExplorer/AllowTrustedSitesZoneTemplate** - -

    This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.

    - -

    If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.

    - -

    If you disable this template policy setting, no security level is configured.

    - -

    If you do not configure this template policy setting, no security level is configured.

    - -

    Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.

    - -

    Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.

    - -**InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate** - -

    This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.

    - -

    If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.

    - -

    If you disable this template policy setting, no security level is configured.

    - -

    If you do not configure this template policy setting, no security level is configured.

    - -

    Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.

    - -

    Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.

    - -**InternetExplorer/AllowsRestrictedSitesZoneTemplate** - -

    This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.

    - -

    If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.

    - -

    If you disable this template policy setting, no security level is configured.

    - -

    If you do not configure this template policy setting, no security level is configured.

    - -

    Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.

    - -

    Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.

    - -**InternetExplorer/DisableAdobeFlash** - -

    This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects.

    - -

    If you enable this policy setting, Flash is turned off for Internet Explorer, and applications cannot use Internet Explorer technology to instantiate Flash objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings.

    - -

    If you disable, or do not configure this policy setting, Flash is turned on for Internet Explorer, and applications can use Internet Explorer technology to instantiate Flash objects. Users can enable or disable Flash in the Manage Add-ons dialog box.

    - -

    Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.

    - -**InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation** - -

    This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).

    - -

    If you enable this policy setting, the user cannot participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.

    - -

    If you disable this policy setting, the user must participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.

    - -

    If you do not configure this policy setting, the user can choose to participate in the CEIP.

    - -**InternetExplorer/DisableEnclosureDownloading** - -

    This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.

    - -

    If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download setting through the Feed APIs.

    - -

    If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs.

    - -**InternetExplorer/DisableEncryptionSupport** - -

    This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each others list of supported protocols and versions, and they select the most preferred match.

    - -

    If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list.

    - -

    If you disable or do not configure this policy setting, the user can select which encryption method the browser supports.

    - -

    Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.

    - -**InternetExplorer/DisableFirstRunWizard** - -

    This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.

    - -

    If you enable this policy setting, you must make one of the following choices: - Skip the First Run wizard, and go directly to the user's home page. - Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage.

    - -

    Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option is chosen.

    - -

    If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation.

    - -**InternetExplorer/DisableFlipAheadFeature** - -

    This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.

    - -

    Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.

    - -

    If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn't loaded into the background.

    - -

    If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background.

    - -

    If you don't configure this setting, users can turn this behavior on or off, using the Settings charm.

    - -**InternetExplorer/DisableHomePageChange** - -

    The Home page specified on the General tab of the Internet Options dialog box is the default Web page that Internet Explorer loads whenever it is run.

    - -

    If you enable this policy setting, a user cannot set a custom default home page. You must specify which default home page should load on the user machine. For machines with at least Internet Explorer 7, the home page can be set within this policy to override other home page policies.

    - -

    If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page.

    - -**InternetExplorer/DisableSearchProviderChange** - -

    This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.

    - -

    If you enable this policy setting, the user cannot change the default search provider.

    - -

    If you disable or do not configure this policy setting, the user can change the default search provider.

    - -**InternetExplorer/DisableSecondaryHomePageChange** - -

    Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.

    - -

    If you enable this policy setting, you can specify which default home pages should load as secondary home pages. The user cannot set custom default secondary home pages.

    - -

    If you disable or do not configure this policy setting, the user can add secondary home pages.

    - -

    Note: If the Disable Changing Home Page Settings policy is enabled, the user cannot add secondary home pages.

    - -**InternetExplorer/DoNotBlockOutdatedActiveXControls** - -

    This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.

    - -

    If you enable this policy setting, Internet Explorer stops blocking outdated ActiveX controls.

    - -

    If you disable or don't configure this policy setting, Internet Explorer continues to block specific outdated ActiveX controls.

    - -

    For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.

    - -**InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains** - -

    This policy setting allows you to manage a list of domains on which Internet Explorer will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.

    - -

    If you enable this policy setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following:

    - -

    1. "domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com" -2. "hostname". For example, if you want to include http://example, use "example" -3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm"

    - -

    If you disable or don't configure this policy setting, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone.

    - -

    For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.

    - -**InternetExplorer/IncludeAllLocalSites** - -

    This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.

    - -

    If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone.

    - -

    If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone).

    - -

    If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone.

    - -**InternetExplorer/IncludeAllNetworkPaths** - -

    This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.

    - -

    If you enable this policy setting, all network paths are mapped into the Intranet Zone.

    - -

    If you disable this policy setting, network paths are not necessarily mapped into the Intranet Zone (other rules might map one there).

    - -

    If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone.

    - -**InternetExplorer/InternetZoneAllowAccessToDataSources** - -

    This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

    - -

    If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -**InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls** - -

    This policy setting manages whether users will be automatically prompted for ActiveX control installations.

    - -

    If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -

    If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -

    If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -**InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads** - -

    This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

    - -

    If you enable this setting, users will receive a file download dialog for automatic download attempts.

    - -

    If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.

    - -**InternetExplorer/InternetZoneAllowFontDownloads** - -

    This policy setting allows you to manage whether pages of the zone may download HTML fonts.

    - -

    If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.

    - -

    If you disable this policy setting, HTML fonts are prevented from downloading.

    - -

    If you do not configure this policy setting, HTML fonts can be downloaded automatically.

    - -**InternetExplorer/InternetZoneAllowLessPrivilegedSites** - -

    This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.

    - -

    If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.

    - -

    If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -

    If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.

    - -**InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents** - -

    This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.

    - -

    If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.

    - -

    If you disable this policy setting, Internet Explorer will not execute unsigned managed components.

    - -

    If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.

    - -**InternetExplorer/InternetZoneAllowScriptlets** - -

    This policy setting allows you to manage whether the user can run scriptlets.

    - -

    If you enable this policy setting, the user can run scriptlets.

    - -

    If you disable this policy setting, the user cannot run scriptlets.

    - -

    If you do not configure this policy setting, the user can enable or disable scriptlets.

    - -**InternetExplorer/InternetZoneAllowSmartScreenIE** - -

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.

    - -

    If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.

    - -**InternetExplorer/InternetZoneAllowUserDataPersistence** - -

    This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.

    - -

    If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -**InternetExplorer/InternetZoneInitializeAndScriptActiveXControls** - -

    This policy setting allows you to manage ActiveX controls not marked as safe.

    - -

    If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.

    - -

    If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -

    If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -

    If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -**InternetExplorer/InternetZoneNavigateWindowsAndFrames** - -

    This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.

    - -

    If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.

    - -

    If you disable this policy setting, users cannot open windows and frames to access applications from different domains.

    - -

    If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.

    - -**InternetExplorer/IntranetZoneAllowAccessToDataSources** - -

    This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

    - -

    If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -**InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls** - -

    This policy setting manages whether users will be automatically prompted for ActiveX control installations.

    - -

    If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -

    If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -

    If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -**InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads** - -

    This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

    - -

    If you enable this setting, users will receive a file download dialog for automatic download attempts.

    - -

    If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.

    - -**InternetExplorer/IntranetZoneAllowFontDownloads** - -

    This policy setting allows you to manage whether pages of the zone may download HTML fonts.

    - -

    If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.

    - -

    If you disable this policy setting, HTML fonts are prevented from downloading.

    - -

    If you do not configure this policy setting, HTML fonts can be downloaded automatically.

    - -**InternetExplorer/IntranetZoneAllowLessPrivilegedSites** - -

    This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.

    - -

    If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.

    - -

    If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -

    If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.

    - -**InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents** - -

    This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.

    - -

    If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.

    - -

    If you disable this policy setting, Internet Explorer will not execute unsigned managed components.

    - -

    If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.

    - -**InternetExplorer/IntranetZoneAllowScriptlets** - -

    This policy setting allows you to manage whether the user can run scriptlets.

    - -

    If you enable this policy setting, the user can run scriptlets.

    - -

    If you disable this policy setting, the user cannot run scriptlets.

    - -

    If you do not configure this policy setting, the user can enable or disable scriptlets.

    - -**InternetExplorer/IntranetZoneAllowSmartScreenIE** - -

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.

    - -

    If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.

    - -**InternetExplorer/IntranetZoneAllowUserDataPersistence** - -

    This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.

    - -

    If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -**InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls** - -

    This policy setting allows you to manage ActiveX controls not marked as safe.

    - -

    If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.

    - -

    If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -

    If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -

    If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -**InternetExplorer/IntranetZoneNavigateWindowsAndFrames** - -

    This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.

    - -

    If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.

    - -

    If you disable this policy setting, users cannot open windows and frames to access applications from different domains.

    - -

    If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.

    - -**InternetExplorer/LocalMachineZoneAllowAccessToDataSources** - -

    This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

    - -

    If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -**InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls** - -

    This policy setting manages whether users will be automatically prompted for ActiveX control installations.

    - -

    If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -

    If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -

    If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -**InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads** - -

    This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

    - -

    If you enable this setting, users will receive a file download dialog for automatic download attempts.

    - -

    If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.

    - -**InternetExplorer/LocalMachineZoneAllowFontDownloads** - -

    This policy setting allows you to manage whether pages of the zone may download HTML fonts.

    - -

    If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.

    - -

    If you disable this policy setting, HTML fonts are prevented from downloading.

    - -

    If you do not configure this policy setting, HTML fonts can be downloaded automatically.

    - -**InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites** - -

    This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.

    - -

    If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.

    - -

    If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -

    If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -**InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents** - -

    This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.

    - -

    If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.

    - -

    If you disable this policy setting, Internet Explorer will not execute unsigned managed components.

    - -

    If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.

    - -**InternetExplorer/LocalMachineZoneAllowScriptlets** - -

    This policy setting allows you to manage whether the user can run scriptlets.

    - -

    If you enable this policy setting, the user can run scriptlets.

    - -

    If you disable this policy setting, the user cannot run scriptlets.

    - -

    If you do not configure this policy setting, the user can enable or disable scriptlets.

    - -**InternetExplorer/LocalMachineZoneAllowSmartScreenIE** - -

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.

    - -

    If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.

    - -**InternetExplorer/LocalMachineZoneAllowUserDataPersistence** - -

    This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.

    - -

    If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -**InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls** - -

    This policy setting allows you to manage ActiveX controls not marked as safe.

    - -

    If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.

    - -

    If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -

    If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -

    If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -**InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames** - -

    This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.

    - -

    If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.

    - -

    If you disable this policy setting, users cannot open windows and frames to access applications from different domains.

    - -

    If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.

    - -**InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources** - -

    This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

    - -

    If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -**InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls** - -

    This policy setting manages whether users will be automatically prompted for ActiveX control installations.

    - -

    If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -

    If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -

    If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -**InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads** - -

    This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

    - -

    If you enable this setting, users will receive a file download dialog for automatic download attempts.

    - -

    If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.

    - -**InternetExplorer/LockedDownInternetZoneAllowFontDownloads** - -

    This policy setting allows you to manage whether pages of the zone may download HTML fonts.

    - -

    If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.

    - -

    If you disable this policy setting, HTML fonts are prevented from downloading.

    - -

    If you do not configure this policy setting, HTML fonts can be downloaded automatically.

    - -**InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites** - -

    This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.

    - -

    If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.

    - -

    If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -

    If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -**InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents** - -

    This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.

    - -

    If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.

    - -

    If you disable this policy setting, Internet Explorer will not execute unsigned managed components.

    - -

    If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.

    - -**InternetExplorer/LockedDownInternetZoneAllowScriptlets** - -

    This policy setting allows you to manage whether the user can run scriptlets.

    - -

    If you enable this policy setting, the user can run scriptlets.

    - -

    If you disable this policy setting, the user cannot run scriptlets.

    - -

    If you do not configure this policy setting, the user can enable or disable scriptlets.

    - -**InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE** - -

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.

    - -

    If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.

    - -**InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence** - -

    This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.

    - -

    If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -**InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls** - -

    This policy setting allows you to manage ActiveX controls not marked as safe.

    - -

    If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.

    - -

    If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -

    If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -

    If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -**InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames** - -

    This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.

    - -

    If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.

    - -

    If you disable this policy setting, users cannot open windows and frames to access applications from different domains.

    - -

    If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.

    - -**InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources** - -

    This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

    - -

    If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -**InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls** - -

    This policy setting manages whether users will be automatically prompted for ActiveX control installations.

    - -

    If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -

    If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -

    If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -**InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads** - -

    This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

    - -

    If you enable this setting, users will receive a file download dialog for automatic download attempts.

    - -

    If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.

    - -**InternetExplorer/LockedDownIntranetZoneAllowFontDownloads** - -

    This policy setting allows you to manage whether pages of the zone may download HTML fonts.

    - -

    If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.

    - -

    If you disable this policy setting, HTML fonts are prevented from downloading.

    - -

    If you do not configure this policy setting, HTML fonts can be downloaded automatically.

    - -**InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites** - -

    This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.

    - -

    If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.

    - -

    If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -

    If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -**InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents** - -

    This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.

    - -

    If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.

    - -

    If you disable this policy setting, Internet Explorer will not execute unsigned managed components.

    - -

    If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.

    - -**InternetExplorer/LockedDownIntranetZoneAllowScriptlets** - -

    This policy setting allows you to manage whether the user can run scriptlets.

    - -

    If you enable this policy setting, the user can run scriptlets.

    - -

    If you disable this policy setting, the user cannot run scriptlets.

    - -

    If you do not configure this policy setting, the user can enable or disable scriptlets.

    - -**InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE** - -

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.

    - -

    If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.

    - -**InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence** - -

    This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.

    - -

    If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -**InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls** - -

    This policy setting allows you to manage ActiveX controls not marked as safe.

    - -

    If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.

    - -

    If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -

    If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -

    If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -**InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames** - -

    This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.

    - -

    If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.

    - -

    If you disable this policy setting, users cannot open windows and frames to access applications from different domains.

    - -

    If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.

    - -**InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources** - -

    This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

    - -

    If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -**InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls** - -

    This policy setting manages whether users will be automatically prompted for ActiveX control installations.

    - -

    If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -

    If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -

    If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -**InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads** - -

    This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

    - -

    If you enable this setting, users will receive a file download dialog for automatic download attempts.

    - -

    If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.

    - -**InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads** - -

    This policy setting allows you to manage whether pages of the zone may download HTML fonts.

    - -

    If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.

    - -

    If you disable this policy setting, HTML fonts are prevented from downloading.

    - -

    If you do not configure this policy setting, HTML fonts can be downloaded automatically.

    - -**InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites** - -

    This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.

    - -

    If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.

    - -

    If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -

    If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -**InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents** - -

    This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.

    - -

    If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.

    - -

    If you disable this policy setting, Internet Explorer will not execute unsigned managed components.

    - -

    If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.

    - -**InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets** - -

    This policy setting allows you to manage whether the user can run scriptlets.

    - -

    If you enable this policy setting, the user can run scriptlets.

    - -

    If you disable this policy setting, the user cannot run scriptlets.

    - -

    If you do not configure this policy setting, the user can enable or disable scriptlets.

    - -**InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE** - -

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.

    - -

    If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.

    - -**InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence** - -

    This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.

    - -

    If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -**InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls** - -

    This policy setting allows you to manage ActiveX controls not marked as safe.

    - -

    If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.

    - -

    If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -

    If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -

    If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -**InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames** - -

    This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.

    - -

    If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.

    - -

    If you disable this policy setting, users cannot open windows and frames to access applications from different domains.

    - -

    If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.

    - -**InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources** - -

    This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

    - -

    If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -**InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** - -

    This policy setting manages whether users will be automatically prompted for ActiveX control installations.

    - -

    If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -

    If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -

    If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -**InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** - -

    This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

    - -

    If you enable this setting, users will receive a file download dialog for automatic download attempts.

    - -

    If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.

    - -**InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads** - -

    This policy setting allows you to manage whether pages of the zone may download HTML fonts.

    - -

    If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.

    - -

    If you disable this policy setting, HTML fonts are prevented from downloading.

    - -

    If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.

    - -**InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites** - -

    This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.

    - -

    If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.

    - -

    If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -

    If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -**InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents** - -

    This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.

    - -

    If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.

    - -

    If you disable this policy setting, Internet Explorer will not execute unsigned managed components.

    - -

    If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.

    - -**InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets** - -

    This policy setting allows you to manage whether the user can run scriptlets.

    - -

    If you enable this policy setting, the user can run scriptlets.

    - -

    If you disable this policy setting, the user cannot run scriptlets.

    - -

    If you do not configure this policy setting, the user can enable or disable scriptlets.

    - -**InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE** - -

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.

    - -

    If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.

    - -**InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence** - -

    This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.

    - -

    If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -**InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls** - -

    This policy setting allows you to manage ActiveX controls not marked as safe.

    - -

    If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.

    - -

    If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -

    If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -

    If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -**InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames** - -

    This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.

    - -

    If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.

    - -

    If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.

    - -

    If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.

    - -**InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources** - -

    This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

    - -

    If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -**InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls** - -

    This policy setting manages whether users will be automatically prompted for ActiveX control installations.

    - -

    If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -

    If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -

    If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -**InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads** - -

    This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

    - -

    If you enable this setting, users will receive a file download dialog for automatic download attempts.

    - -

    If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.

    - -**InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads** - -

    This policy setting allows you to manage whether pages of the zone may download HTML fonts.

    - -

    If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.

    - -

    If you disable this policy setting, HTML fonts are prevented from downloading.

    - -

    If you do not configure this policy setting, HTML fonts can be downloaded automatically.

    - -**InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites** - -

    This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.

    - -

    If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.

    - -

    If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -

    If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -**InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents** - -

    This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.

    - -

    If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.

    - -

    If you disable this policy setting, Internet Explorer will not execute unsigned managed components.

    - -

    If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.

    - -**InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets** - -

    This policy setting allows you to manage whether the user can run scriptlets.

    - -

    If you enable this policy setting, the user can run scriptlets.

    - -

    If you disable this policy setting, the user cannot run scriptlets.

    - -

    If you do not configure this policy setting, the user can enable or disable scriptlets.

    - -**InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE** - -

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.

    - -

    If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.

    - -**InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence** - -

    This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.

    - -

    If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -**InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls** - -

    This policy setting allows you to manage ActiveX controls not marked as safe.

    - -

    If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.

    - -

    If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -

    If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -

    If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -**InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames** - -

    This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.

    - -

    If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.

    - -

    If you disable this policy setting, users cannot open windows and frames to access applications from different domains.

    - -

    If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.

    - -**InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources** - -

    This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

    - -

    If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -**InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** - -

    This policy setting manages whether users will be automatically prompted for ActiveX control installations.

    - -

    If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -

    If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -

    If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -**InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** - -

    This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

    - -

    If you enable this setting, users will receive a file download dialog for automatic download attempts.

    - -

    If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.

    - -**InternetExplorer/RestrictedSitesZoneAllowFontDownloads** - -

    This policy setting allows you to manage whether pages of the zone may download HTML fonts.

    - -

    If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.

    - -

    If you disable this policy setting, HTML fonts are prevented from downloading.

    - -

    If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.

    - -**InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites** - -

    This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.

    - -

    If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.

    - -

    If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -

    If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -**InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents** - -

    This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.

    - -

    If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.

    - -

    If you disable this policy setting, Internet Explorer will not execute unsigned managed components.

    - -

    If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.

    - -**InternetExplorer/RestrictedSitesZoneAllowScriptlets** - -

    This policy setting allows you to manage whether the user can run scriptlets.

    - -

    If you enable this policy setting, the user can run scriptlets.

    - -

    If you disable this policy setting, the user cannot run scriptlets.

    - -

    If you do not configure this policy setting, the user can enable or disable scriptlets.

    - -**InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE** - -

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.

    - -

    If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.

    - -**InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence** - -

    This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.

    - -

    If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -**InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls** - -

    This policy setting allows you to manage ActiveX controls not marked as safe.

    - -

    If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.

    - -

    If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -

    If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -

    If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -**InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames** - -

    This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.

    - -

    If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.

    - -

    If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.

    - -

    If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.

    - -**InternetExplorer/SearchProviderList** - -

    This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website.

    - -

    If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.

    - -

    If you disable or do not configure this policy setting, the user can configure his or her list of search providers.

    - -**InternetExplorer/TrustedSitesZoneAllowAccessToDataSources** - -

    This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

    - -

    If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -

    If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

    - -**InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls** - -

    This policy setting manages whether users will be automatically prompted for ActiveX control installations.

    - -

    If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -

    If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.

    - -

    If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.

    - -**InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads** - -

    This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

    - -

    If you enable this setting, users will receive a file download dialog for automatic download attempts.

    - -

    If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.

    - -**InternetExplorer/TrustedSitesZoneAllowFontDownloads** - -

    This policy setting allows you to manage whether pages of the zone may download HTML fonts.

    - -

    If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.

    - -

    If you disable this policy setting, HTML fonts are prevented from downloading.

    - -

    If you do not configure this policy setting, HTML fonts can be downloaded automatically.

    - -**InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites** - -

    This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.

    - -

    If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.

    - -

    If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.

    - -

    If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.

    - -**InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents** - -

    This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.

    - -

    If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.

    - -

    If you disable this policy setting, Internet Explorer will not execute unsigned managed components.

    - -

    If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.

    - -**InternetExplorer/TrustedSitesZoneAllowScriptlets** - -

    This policy setting allows you to manage whether the user can run scriptlets.

    - -

    If you enable this policy setting, the user can run scriptlets.

    - -

    If you disable this policy setting, the user cannot run scriptlets.

    - -

    If you do not configure this policy setting, the user can enable or disable scriptlets.

    - -**InternetExplorer/TrustedSitesZoneAllowSmartScreenIE** - -

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.

    - -

    If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.

    - -

    If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.

    - -

    Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.

    - -**InternetExplorer/TrustedSitesZoneAllowUserDataPersistence** - -

    This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.

    - -

    If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -

    If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

    - -**InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls** - -

    This policy setting allows you to manage ActiveX controls not marked as safe.

    - -

    If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.

    - -

    If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -

    If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

    - -

    If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.

    - -**InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames** - -

    This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.

    - -

    If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.

    - -

    If you disable this policy setting, users cannot open windows and frames to access applications from different domains.

    - -

    If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.

    - -**Kerberos/AllowForestSearchOrder** - -

    This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).

    - -

    If you enable this policy setting, the Kerberos client searches the forests in this list, if it is unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain.

    - -

    If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used.

    - -**Kerberos/KerberosClientSupportsClaimsCompoundArmor** - -

    This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features. -If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring.

    - -

    If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition. -

    - -**Kerberos/RequireKerberosArmoring** - -

    This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller.

    - -

    Warning: When a domain does not support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled.

    - -

    If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers.

    - -

    Note: The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring.

    - -

    If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain. -

    - -**Kerberos/RequireStrictKDCValidation** - -

    This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon.

    - -

    If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate.

    - -

    If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server. -

    - -**Kerberos/SetMaximumContextTokenSize** - -

    This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size. - -The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token.

    - -

    If you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, whichever is smaller.

    - -

    If you disable or do not configure this policy setting, the Kerberos client or server uses the locally configured value or the default value.

    - -

    Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes.

    - -

    - -**Power/AllowStandbyWhenSleepingPluggedIn** - -

    This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.

    - -

    If you enable this policy setting, Windows uses standby states to put the computer in a sleep state.

    - -

    If you disable or do not configure this policy setting, the only sleep state a computer may enter is hibernate.

    - -**Power/RequirePasswordWhenComputerWakesOnBattery** - -

    This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.

    - -

    If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.

    - -

    If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.

    - -**Power/RequirePasswordWhenComputerWakesPluggedIn** - -

    This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.

    - -

    If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.

    - -

    If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.

    - -**Printers/PointAndPrintRestrictions** - -

    This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.

    - -

    If you enable this policy setting: - -Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. - -You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.

    - -

    If you do not configure this policy setting: - -Windows Vista client computers can point and print to any server. - -Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. - -Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. - -Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.

    - -

    If you disable this policy setting: - -Windows Vista client computers can create a printer connection to any server using Point and Print. - -Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. - -Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. - -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. - -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).

    - -**Printers/PointAndPrintRestrictions_User** - -

    This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.

    - -

    If you enable this policy setting: - -Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. - -You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.

    - -

    If you do not configure this policy setting: - -Windows Vista client computers can point and print to any server. - -Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. - -Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. - -Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.

    - -

    If you disable this policy setting: - -Windows Vista client computers can create a printer connection to any server using Point and Print. - -Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. - -Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. - -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. - -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).

    - -**Printers/PublishPrinters** - -

    Determines whether the computer's shared printers can be published in Active Directory.

    - -

    If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory.

    - -

    If you disable this setting, this computer's shared printers cannot be published in Active Directory, and the "List in directory" option is not available.

    - -

    Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory".

    - -**RemoteAssistance/CustomizeWarningMessages** - -

    This policy setting lets you customize warning messages.

    - -

    The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before a user shares control of his or her computer.

    - -

    The "Display warning message before connecting" policy setting allows you to specify a custom message to display before a user allows a connection to his or her computer.

    - -

    If you enable this policy setting, the warning message you specify overrides the default message that is seen by the novice.

    - -

    If you disable this policy setting, the user sees the default warning message.

    - -

    If you do not configure this policy setting, the user sees the default warning message.

    - -**RemoteAssistance/SessionLogging** - -

    This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.

    - -

    If you enable this policy setting, log files are generated.

    - -

    If you disable this policy setting, log files are not generated.

    - -

    If you do not configure this setting, application-based settings are used.

    - -**RemoteAssistance/SolicitedRemoteAssistance** - -

    This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer.

    - -

    If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings.

    - -

    If you disable this policy setting, users on this computer cannot use email or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections to this computer.

    - -

    If you do not configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.

    - -

    If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer."

    - -

    The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open.

    - -

    The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting is not available in Windows Vista since SMAPI is the only method supported.

    - -

    If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications.

    - -**RemoteAssistance/UnsolicitedRemoteAssistance** - -

    This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer.

    - -

    If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.

    - -

    If you disable this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.

    - -

    If you do not configure this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.

    - -

    If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance.

    - -

    To configure the list of helpers, click "Show." In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format:

    - -

    \ or

    - -

    \

    - -

    If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running.

    - -

    Windows Vista and later

    - -

    Enable the Remote Assistance exception for the domain profile. The exception must contain: -Port 135:TCP -%WINDIR%\System32\msra.exe -%WINDIR%\System32\raserver.exe

    - -

    Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1)

    - -

    Port 135:TCP -%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe -%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe -%WINDIR%\System32\Sessmgr.exe

    - -

    For computers running Windows Server 2003 with Service Pack 1 (SP1)

    - -

    Port 135:TCP -%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe -%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe -Allow Remote Desktop Exception

    - -**RemoteDesktopServices/AllowUsersToConnectRemotely** - -

    This policy setting allows you to configure remote access to computers by using Remote Desktop Services.

    - -

    If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.

    - -

    If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.

    - -

    If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed.

    - -

    Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication.

    - -

    You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider. -

    - -**RemoteDesktopServices/ClientConnectionEncryptionLevel** - -

    Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption.

    - -

    If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available:

    - -

    * High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not support this encryption level cannot connect to RD Session Host servers.

    - -

    * Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that do not support 128-bit encryption.

    - -

    * Low: The Low setting encrypts only data sent from the client to the server by using 56-bit encryption.

    - -

    If you disable or do not configure this setting, the encryption level to be used for remote connections to RD Session Host servers is not enforced through Group Policy.

    - -

    Important

    - -

    FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption. -

    - -**RemoteDesktopServices/DoNotAllowDriveRedirection** - -

    This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).

    - -

    By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format on . You can use this policy setting to override this behavior.

    - -

    If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2003, Windows 8, and Windows XP.

    - -

    If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed.

    - -

    If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level. -

    - -**RemoteDesktopServices/DoNotAllowPasswordSaving** - -

    Controls whether passwords can be saved on this computer from Remote Desktop Connection.

    - -

    If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.

    - -

    If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection.

    - -**RemoteDesktopServices/PromptForPasswordUponConnection** - -

    This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection.

    - -

    You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client.

    - -

    By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connection client.

    - -

    If you enable this policy setting, users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on.

    - -

    If you disable this policy setting, users can always log on to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client.

    - -

    If you do not configure this policy setting, automatic logon is not specified at the Group Policy level. -

    - -**RemoteDesktopServices/RequireSecureRPCCommunication** - -

    Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.

    - -

    You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.

    - -

    If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured communication with untrusted clients.

    - -

    If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request.

    - -

    If the status is set to Not Configured, unsecured communication is allowed.

    - -

    Note: The RPC interface is used for administering and configuring Remote Desktop Services.

    - -**RemoteProcedureCall/RPCEndpointMapperClientAuthentication** - -

    This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner.

    - -

    If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.

    - -

    If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mapper Service.

    - -

    If you do not configure this policy setting, it remains disabled. RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server Endpoint Mapper Service.

    - -

    Note: This policy will not be applied until the system is rebooted.

    - -**RemoteProcedureCall/RestrictUnauthenticatedRPCClients** - -

    This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.

    - -

    This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.

    - -

    If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting.

    - -

    If you do not configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting.

    - -

    If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.

    - -

    -- "None" allows all RPC clients to connect to RPC Servers running on the machine on which the policy setting is applied.

    - -

    -- "Authenticated" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them.

    - -

    -- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed.

    - -

    Note: This policy setting will not be applied until the system is rebooted.

    - -**Storage/EnhancedStorageDevices** - -

    This policy setting configures whether or not Windows will activate an Enhanced Storage device.

    - -

    If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices.

    - -

    If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices.

    - -**System/BootStartDriverInitialization** - -

    N/A

    - -**System/DisableSystemRestore** - -

    Allows you to disable System Restore.

    - -

    This policy setting allows you to turn off System Restore.

    - -

    System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.

    - -

    If you enable this policy setting, System Restore is turned off, and the System Restore Wizard cannot be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.

    - -

    If you disable or do not configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.

    - -

    Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available.

    - -**WindowsLogon/DisableLockScreenAppNotifications** - -

    This policy setting allows you to prevent app notifications from appearing on the lock screen.

    - -

    If you enable this policy setting, no app notifications are displayed on the lock screen.

    - -

    If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen.

    - -**WindowsLogon/DontDisplayNetworkSelectionUI** - -

    This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.

    - -

    If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows.

    - -

    If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.

    - - - - - - - diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 2e05286caf..ff951b9536 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1,19 +1,14 @@ --- title: Policy CSP description: Policy CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Policy CSP The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies. @@ -112,6 +107,9 @@ The following diagram shows the Policy configuration service provider in tree fo

    Supported operations are Add and Get. Does not support Delete. +> [!Note] +> The policies supported in Windows 10 S is the same as in Windows 10 Pro, except that policies under AppliationsDefaults are not suppported in Windows 10 S. +

    @@ -120,6 +118,29 @@ The following diagram shows the Policy configuration service provider in tree fo **AboveLock/AllowActionCenterNotifications** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -133,26 +154,34 @@ The following diagram shows the Policy configuration service provider in tree fo

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **AboveLock/AllowCortanaAboveLock** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech. @@ -161,26 +190,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **AboveLock/AllowToasts** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether to allow toast notifications above the device lock screen. @@ -191,26 +228,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Accounts/AllowAddingNonMicrosoftAccountsManually** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether user is allowed to add non-MSA email accounts. @@ -224,26 +269,34 @@ SKU Support: > [!NOTE] > This policy will only block UI/UX-based methods for adding non-Microsoft accounts. Even if this policy is enforced, you can still provision non-MSA accounts using the [EMAIL2 CSP](email2-csp.md). - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Accounts/AllowMicrosoftAccountConnection** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. @@ -254,26 +307,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Accounts/AllowMicrosoftAccountSignInAssistant** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service. @@ -282,27 +343,34 @@ SKU Support: - 0 – Disabled. - 1 (default) – Manual start. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Accounts/DomainNamesForEmailSync** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies a list of the domains that are allowed to sync email on the device. @@ -310,22 +378,7 @@ SKU Support:

    The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov". - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **ActiveXControls/ApprovedInstallationSites** @@ -339,9 +392,6 @@ If you disable or do not configure this policy setting, ActiveX controls prompt Note: Wild card characters cannot be used when specifying the host URLs. - - - ADMX Info: @@ -358,8 +408,6 @@ ADMX Info: This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect. - - ADMX Info: @@ -376,8 +424,6 @@ ADMX Info: Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls. - - ADMX Info: @@ -394,8 +440,6 @@ ADMX Info: Enables automatic cleanup of appv packages that were added after Windows10 anniversary release. - - ADMX Info: @@ -412,8 +456,6 @@ ADMX Info: Enables scripts defined in the package manifest of configuration files that should run. - - ADMX Info: @@ -430,8 +472,6 @@ ADMX Info: Enables a UX to display to the user when a publishing refresh is performed on the client. - - ADMX Info: @@ -458,9 +498,6 @@ Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections. - - - ADMX Info: @@ -477,8 +514,6 @@ ADMX Info: Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. - - ADMX Info: @@ -495,8 +530,6 @@ ADMX Info: Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. - - ADMX Info: @@ -513,8 +546,6 @@ ADMX Info: Specifies how new packages should be loaded automatically by App-V on a specific computer. - - ADMX Info: @@ -531,8 +562,6 @@ ADMX Info: Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V. - - ADMX Info: @@ -549,8 +578,6 @@ ADMX Info: Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. - - ADMX Info: @@ -567,8 +594,6 @@ ADMX Info: Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. - - ADMX Info: @@ -603,9 +628,6 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - - - ADMX Info: @@ -640,9 +662,6 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - - - ADMX Info: @@ -677,9 +696,6 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - - - ADMX Info: @@ -714,9 +730,6 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - - - ADMX Info: @@ -751,9 +764,6 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - - - ADMX Info: @@ -770,8 +780,6 @@ ADMX Info: Specifies the path to a valid certificate in the certificate store. - - ADMX Info: @@ -788,8 +796,6 @@ ADMX Info: This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G). - - ADMX Info: @@ -806,8 +812,6 @@ ADMX Info: Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. - - ADMX Info: @@ -824,8 +828,6 @@ ADMX Info: Specifies directory where all new applications and updates will be installed. - - ADMX Info: @@ -842,8 +844,6 @@ ADMX Info: Overrides source location for downloading package content. - - ADMX Info: @@ -860,8 +860,6 @@ ADMX Info: Specifies the number of seconds between attempts to reestablish a dropped session. - - ADMX Info: @@ -878,8 +876,6 @@ ADMX Info: Specifies the number of times to retry a dropped session. - - ADMX Info: @@ -896,8 +892,6 @@ ADMX Info: Specifies that streamed package contents will be not be saved to the local hard disk. - - ADMX Info: @@ -914,8 +908,6 @@ ADMX Info: If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache - - ADMX Info: @@ -932,8 +924,6 @@ ADMX Info: Verifies Server certificate revocation status before streaming using HTTPS. - - ADMX Info: @@ -950,8 +940,6 @@ ADMX Info: Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components. - - ADMX Info: @@ -965,6 +953,29 @@ ADMX Info: **ApplicationDefaults/DefaultAssociationsConfiguration** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be base64 encoded before being added to SyncML. @@ -1022,27 +1033,34 @@ PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25z ``` - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **ApplicationManagement/AllowAllTrustedApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether non Windows Store apps are allowed. @@ -1054,26 +1072,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **ApplicationManagement/AllowAppStoreAutoUpdate** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether automatic update of apps from Windows Store are allowed. @@ -1084,26 +1110,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **ApplicationManagement/AllowDeveloperUnlock** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether developer unlock is allowed. @@ -1115,26 +1149,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **ApplicationManagement/AllowGameDVR** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -1148,26 +1190,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **ApplicationManagement/AllowSharedUserAppData** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether multiple users of the same app can share data. @@ -1178,26 +1228,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **ApplicationManagement/AllowStore** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + +

    Specifies whether app store is allowed at the device. @@ -1208,26 +1266,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **ApplicationManagement/ApplicationRestrictions** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. @@ -1253,26 +1319,34 @@ SKU Support:

    Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **ApplicationManagement/DisableStoreOriginatedApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcheck mark1check mark1cross markcross mark
    + +

    Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Windows Store that came pre-installed or were downloaded. @@ -1281,26 +1355,34 @@ SKU Support: - 0 (default) – Enable launch of apps. - 1 – Disable launch of apps. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **ApplicationManagement/RequirePrivateStoreOnly** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcheck markcheck markcheck markcheck mark
    + +

    Allows disabling of the retail catalog and only enables the Private store. @@ -1320,26 +1402,34 @@ SKU Support:

    Most restricted value is 1. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **ApplicationManagement/RestrictAppDataToSystemVolume** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether application data is restricted to the system drive. @@ -1350,26 +1440,34 @@ SKU Support:

    Most restricted value is 1. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **ApplicationManagement/RestrictAppToSystemVolume** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether the installation of applications is restricted to the system drive. @@ -1380,22 +1478,7 @@ SKU Support:

    Most restricted value is 1. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **AttachmentManager/DoNotPreserveZoneInformation** @@ -1409,8 +1492,6 @@ If you disable this policy setting, Windows marks file attachments with their zo If you do not configure this policy setting, Windows marks file attachments with their zone information. - - ADMX Info: @@ -1433,8 +1514,6 @@ If you disable this policy setting, Windows shows the check box and Unblock butt If you do not configure this policy setting, Windows hides the check box and Unblock button. - - ADMX Info: @@ -1457,8 +1536,6 @@ If you disable this policy setting, Windows does not call the registered antivir If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened. - - ADMX Info: @@ -1472,6 +1549,29 @@ ADMX Info: **Authentication/AllowEAPCertSSO** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -1491,26 +1591,34 @@ ADMX Info: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Authentication/AllowFastReconnect** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows EAP Fast Reconnect from being attempted for EAP Method TLS. @@ -1521,26 +1629,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Authentication/AllowSecondaryAuthenticationDevice** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows. @@ -1551,22 +1667,7 @@ SKU Support:

    The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD). - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Autoplay/DisallowAutoplayForNonVolumeDevices** @@ -1578,8 +1679,6 @@ If you enable this policy setting, AutoPlay is not allowed for MTP devices like If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. - - ADMX Info: @@ -1609,8 +1708,6 @@ b) Revert back to pre-Windows Vista behavior of automatically executing the auto If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run. - - ADMX Info: @@ -1641,8 +1738,6 @@ If you disable or do not configure this policy setting, AutoPlay is enabled. Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. - - ADMX Info: @@ -1656,6 +1751,29 @@ ADMX Info: **Bitlocker/EncryptionMethod** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies the BitLocker Drive Encryption method and cipher strength. @@ -1666,26 +1784,34 @@ ADMX Info: - 6 -XTS 128 - 7 - XTS 256 - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Bluetooth/AllowAdvertising** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether the device can send out Bluetooth advertisements. @@ -1698,26 +1824,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Bluetooth/AllowDiscoverableMode** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether other Bluetooth-enabled devices can discover the device. @@ -1730,26 +1864,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Bluetooth/AllowPrepairing** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1check mark1check mark1
    + +

    Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. @@ -1758,26 +1900,34 @@ SKU Support: - 0 – Not allowed. - 1 (default)– Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Bluetooth/LocalDeviceName** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Sets the local Bluetooth device name. @@ -1785,51 +1935,67 @@ SKU Support:

    If this policy is not set or it is deleted, the default local radio name is used. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Bluetooth/ServicesAllowedList** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.

    The default value is an empty string. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Browser/AllowAddressBarDropdown** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality.  @@ -1843,14 +2009,34 @@ SKU Support:

    Most restricted value is 0. - - - **Browser/AllowAutofill** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + +

    Specifies whether autofill on websites is allowed. @@ -1868,26 +2054,34 @@ SKU Support: 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Save form entries** is greyed out. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Browser/AllowBrowser** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. @@ -1904,26 +2098,34 @@ SKU Support:

    When this policy is set to 0 (not allowed), the Microsoft Edge for Windows 10 Mobile tile will appear greyed out, and clicking on the tile will display a message indicating theat Internet browsing has been disabled by your administrator. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): Yes - - **Browser/AllowCookies** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether cookies are allowed. @@ -1941,25 +2143,34 @@ SKU Support: 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Cookies** is greyed out. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes - - **Browser/AllowDeveloperTools** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -1974,26 +2185,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/AllowDoNotTrack** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether Do Not Track headers are allowed. @@ -2011,26 +2230,34 @@ SKU Support: 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Send Do Not Track requests** is greyed out. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Browser/AllowExtensions** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + +

    Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed. @@ -2039,26 +2266,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/AllowFlash** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + +

    Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge. @@ -2067,26 +2302,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/AllowFlashClickToRun** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. @@ -2095,26 +2338,34 @@ SKU Support: - 0 – Adobe Flash content is automatically loaded and run by Microsoft Edge. - 1 (default) – Users must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/AllowInPrivate** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether InPrivate browsing is allowed on corporate networks. @@ -2125,26 +2376,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Browser/AllowMicrosoftCompatibilityList** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". @@ -2158,14 +2417,34 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis

    Most restricted value is 0. - - - **Browser/AllowPasswordManager** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether saving and managing passwords locally on the device is allowed. @@ -2183,26 +2462,34 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the settings **Offer to save password** and **Manage my saved passwords** are greyed out. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Browser/AllowPopups** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + +

    Specifies whether pop-up blocker is allowed or enabled. @@ -2220,26 +2507,34 @@ SKU Support: 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Block pop-ups** is greyed out. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Browser/AllowSearchEngineCustomization** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine.     @@ -2252,14 +2547,34 @@ SKU Support:

    Most restricted value is 0. - - - **Browser/AllowSearchSuggestionsinAddressBar** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether search suggestions are allowed in the address bar. @@ -2270,26 +2585,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Browser/AllowSmartScreen** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether Windows Defender SmartScreen is allowed. @@ -2307,26 +2630,34 @@ SKU Support: 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/ClearBrowsingDataOnExit** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge. @@ -2343,14 +2674,34 @@ SKU Support: 2. Close the Microsoft Edge window. 3. Open Microsoft Edge and start typing the same URL in address bar. Verify that it does not auto-complete from history. - - - **Browser/ConfigureAdditionalSearchEngines** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices.    @@ -2369,14 +2720,34 @@ Employees cannot remove these search engines, but they can set any one as the de

    Most restricted value is 0. - - - **Browser/DisableLockdownOfStartPages** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect.     @@ -2393,14 +2764,34 @@ Employees cannot remove these search engines, but they can set any one as the de

    Most restricted value is 0. - - - **Browser/EnterpriseModeSiteList** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -2413,50 +2804,66 @@ Employees cannot remove these search engines, but they can set any one as the de - Not configured. The device checks for updates from Microsoft Update. - Set to a URL location of the enterprise site list. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Browser/EnterpriseSiteListServiceUrl** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + + > [!IMPORTANT] > This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist). - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Browser/FirstRunURL** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -2468,26 +2875,34 @@ SKU Support:

    The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/HomePages** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -2501,27 +2916,34 @@ SKU Support: > [!NOTE] > Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings. - - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/PreventAccessToAboutFlagsInMicrosoftEdge** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + +

    Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features. @@ -2530,26 +2952,34 @@ SKU Support: - 0 (default) – Users can access the about:flags page in Microsoft Edge. - 1 – Users can't access the about:flags page in Microsoft Edge. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/PreventFirstRunPage** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening. @@ -2560,14 +2990,34 @@ SKU Support:

    Most restricted value is 1. - - - **Browser/PreventLiveTileDataCollection** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. @@ -2578,14 +3028,34 @@ SKU Support:

    Most restricted value is 1. - - - **Browser/PreventSmartScreenPromptOverride** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. @@ -2596,26 +3066,34 @@ SKU Support:

    Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about potentially malicious websites and to continue to the site. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/PreventSmartScreenPromptOverrideForFiles** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process. @@ -2624,26 +3102,34 @@ SKU Support: - 0 (default) – Off. - 1 – On. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/PreventUsingLocalHostIPAddressForWebRTC** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -2656,26 +3142,34 @@ SKU Support: - 0 (default) – The localhost IP address is shown. - 1 – The localhost IP address is hidden. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/SendIntranetTraffictoInternetExplorer** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -2690,26 +3184,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Browser/SetDefaultSearchEngine** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy. @@ -2727,14 +3229,34 @@ SKU Support:

    Most restricted value is 0. - - - **Browser/ShowMessageWhenOpeningSitesInInternetExplorer** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -2749,26 +3271,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Browser/SyncFavoritesBetweenIEAndMicrosoftEdge** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. @@ -2790,27 +3320,34 @@ SKU Support:

  • Verify that the favorites added to Internet Explorer show up in the favorites list in Microsoft Edge. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Camera/AllowCamera** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Disables or enables the camera. @@ -2821,26 +3358,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): Yes - - **Connectivity/AllowBluetooth** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows the user to enable Bluetooth or restrict access. @@ -2858,26 +3403,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): Yes - - **Connectivity/AllowCellularData** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + +

    Allows the cellular data channel on the device. Device reboot is not required to enforce the policy. @@ -2887,26 +3440,34 @@ SKU Support: - 1 (default) – Allow the cellular data channel. The user can turn it off. - 2 - Allow the cellular data channel. The user cannot turn it off. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Connectivity/AllowCellularDataRoaming** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy. @@ -2926,26 +3487,34 @@ SKU Support: 2. Click on the SIM (next to the signal strength icon) and select **Properties**. 3. On the Properties page, select **Data roaming options**. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): Yes - - **Connectivity/AllowConnectedDevices** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark2check mark2check mark2check mark2check mark2check mark2check mark2
    + + > [!NOTE] > This policy requires reboot to take effect. @@ -2957,27 +3526,34 @@ SKU Support: - 1 (default) - Allow (CDP service available). - 0 - Disable (CDP service not available). - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Connectivity/AllowNFC** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -2992,26 +3568,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Connectivity/AllowUSBConnection** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -3028,26 +3612,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): Yes - - **Connectivity/AllowVPNOverCellular** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies what type of underlying connections VPN is allowed to use. @@ -3058,26 +3650,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Connectivity/AllowVPNRoamingOverCellular** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Prevents the device from connecting to VPN when the device roams over cellular networks. @@ -3088,22 +3688,7 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Connectivity/HardenedUNCPaths** @@ -3113,9 +3698,6 @@ This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. - - - ADMX Info: @@ -3140,8 +3722,6 @@ Note: The user's domain password will be cached in the system vault when using t To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business. - - ADMX Info: @@ -3164,8 +3744,6 @@ If you disable or don't configure this policy setting, a domain user can set up Note that the user's domain password will be cached in the system vault when using this feature. - - ADMX Info: @@ -3190,8 +3768,6 @@ By default, the password reveal button is displayed after a user types a passwor The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer. - - ADMX Info: @@ -3212,8 +3788,6 @@ If you enable this policy setting, all local administrator accounts on the PC wi If you disable this policy setting, users will always be required to type a user name and password to elevate. - - ADMX Info: @@ -3227,6 +3801,29 @@ ADMX Info: **Cryptography/AllowFipsAlgorithmPolicy** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows or disallows the Federal Information Processing Standard (FIPS) policy. @@ -3235,49 +3832,65 @@ ADMX Info: - 0 (default) – Not allowed. - 1– Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Cryptography/TLSCipherSuites** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DataProtection/AllowDirectMemoryAccess** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled. @@ -3288,26 +3901,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **DataProtection/LegacySelectiveWipeID** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!IMPORTANT] > This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time. @@ -3318,23 +3939,7 @@ SKU Support: > [!NOTE] > This policy is not recommended for use in Windows 10. - - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DataUsage/SetCost3G** @@ -3352,9 +3957,6 @@ If this policy setting is enabled, a drop-down list box presenting possible cost If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default. - - - ADMX Info: @@ -3381,9 +3983,6 @@ If this policy setting is enabled, a drop-down list box presenting possible cost If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default. - - - ADMX Info: @@ -3397,6 +3996,29 @@ ADMX Info: **Defender/AllowArchiveScanning** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3409,26 +4031,34 @@ ADMX Info: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowBehaviorMonitoring** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3441,26 +4071,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowCloudProtection** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3473,26 +4111,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowEmailScanning** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3505,26 +4151,34 @@ SKU Support: - 0 (default) – Not allowed. - 1 – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowFullScanOnMappedNetworkDrives** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3537,26 +4191,34 @@ SKU Support: - 0 (default) – Not allowed. - 1 – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowFullScanRemovableDriveScanning** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3569,26 +4231,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowIOAVProtection** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3601,26 +4271,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowIntrusionPreventionSystem** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3633,26 +4311,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowOnAccessProtection** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3665,26 +4351,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowRealtimeMonitoring** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3697,26 +4391,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowScanningNetworkFiles** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3729,26 +4431,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowScriptScanning** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3761,26 +4471,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AllowUserUIAccess** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3793,26 +4511,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/AvgCPULoadFactor** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3824,26 +4550,34 @@ SKU Support:

    The default value is 50. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/DaysToRetainCleanedMalware** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3855,26 +4589,34 @@ SKU Support:

    The default value is 0, which keeps items in quarantine, and does not automatically remove them. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/ExcludedExtensions** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3882,26 +4624,34 @@ SKU Support:  

    llows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/ExcludedPaths** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3909,26 +4659,34 @@ SKU Support:

    Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1". - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/ExcludedProcesses** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3942,26 +4700,34 @@ SKU Support:  

    Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/PUAProtection** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -3975,26 +4741,34 @@ SKU Support: - 1 – PUA Protection on. Detected items are blocked. They will show in history along with other threats. - 2 – Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/RealTimeScanDirection** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -4012,26 +4786,34 @@ SKU Support: - 1 – Monitor incoming files. - 2 – Monitor outgoing files. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/ScanParameter** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -4044,26 +4826,34 @@ SKU Support: - 1 (default) – Quick scan - 2 – Full scan - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/ScheduleQuickScanTime** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -4081,26 +4871,34 @@ SKU Support:

    The default value is 120 - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/ScheduleScanDay** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -4124,26 +4922,34 @@ SKU Support: - 7 – Sunday - 8 – No scheduled scan - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/ScheduleScanTime** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -4161,26 +4967,34 @@ SKU Support:

    The default value is 120. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/SignatureUpdateInterval** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -4194,26 +5008,34 @@ SKU Support:

    The default value is 8. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/SubmitSamplesConsent** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -4228,26 +5050,34 @@ SKU Support: - 2 – Never send. - 3 – Send all samples automatically. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Defender/ThreatSeverityDefaultAction** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -4273,26 +5103,34 @@ SKU Support: - 8 – User defined - 10 – Block - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOAbsoluteMaxCacheSize** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4302,26 +5140,34 @@ SKU Support:

    The default value is 10. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOAllowVPNPeerCaching** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4331,27 +5177,34 @@ SKU Support:

    The default value is 0 (FALSE). - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DODownloadMode** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4368,26 +5221,34 @@ SKU Support: - 99 - Simple download mode with no peering. Delivery Optimization downloads using HTTP only and does not attempt to contact the Delivery Optimization cloud services. Added in Windows 10, version 1607. - 100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOGroupId** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4398,27 +5259,34 @@ SKU Support: > [!NOTE] > You must use a GUID as the group ID. - - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOMaxCacheAge** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4428,26 +5296,34 @@ SKU Support:

    The default value is 259200 seconds (3 days). - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOMaxCacheSize** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4457,26 +5333,34 @@ SKU Support:

    The default value is 20. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOMaxDownloadBandwidth** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4486,26 +5370,34 @@ SKU Support:

    The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOMaxUploadBandwidth** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4515,26 +5407,34 @@ SKU Support:

    The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOMinBackgroundQos** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4544,26 +5444,34 @@ SKU Support:

    The default value is 500. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4572,27 +5480,34 @@ SKU Support:

    The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOMinDiskSizeAllowedToPeer** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4605,28 +5520,34 @@ SKU Support:

    The default value is 32 GB. - - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOMinFileSizeToCache** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4636,28 +5557,34 @@ SKU Support:

    The default value is 100 MB. - - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOMinRAMAllowedToPeer** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4667,27 +5594,34 @@ SKU Support:

    The default value is 4 GB. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOModifyCacheDrive** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4697,26 +5631,34 @@ SKU Support:

    By default, %SystemDrive% is used to store the cache. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOMonthlyUploadDataCap** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4728,26 +5670,34 @@ SKU Support:

    The default value is 20. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeliveryOptimization/DOPercentageMaxDownloadBandwidth** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -4757,22 +5707,7 @@ SKU Support:

    The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Desktop/PreventUserRedirectionOfProfileFolders** @@ -4784,8 +5719,6 @@ By default, a user can change the location of their individual profile folders l If you enable this setting, users are unable to type a new location in the Target box. - - ADMX Info: @@ -4806,8 +5739,6 @@ If you enable this policy setting, Windows is prevented from installing a device If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. - - ADMX Info: @@ -4828,8 +5759,6 @@ If you enable this policy setting, Windows is prevented from installing or updat If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. - - ADMX Info: @@ -4843,6 +5772,29 @@ ADMX Info: **DeviceLock/AllowIdleReturnWithoutPassword** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -4859,26 +5811,34 @@ ADMX Info: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeviceLock/AllowScreenTimeoutWhileLockedUserConfig** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -4898,27 +5858,34 @@ SKU Support: > [!IMPORTANT] > If this policy is set to 1 (Allowed), the value set by **DeviceLock/ScreenTimeOutWhileLocked** is ignored. To ensure enterprise control over the screen timeout, set this policy to 0 (Not allowed) and use **DeviceLock/ScreenTimeOutWhileLocked** to set the screen timeout period. - - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeviceLock/AllowSimpleDevicePassword** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. @@ -4933,26 +5900,34 @@ SKU Support:

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): Yes - - **DeviceLock/AlphanumericDevicePasswordRequired** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    Determines the type of PIN or password required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required). @@ -4975,25 +5950,34 @@ SKU Support:   - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): Yes - - **DeviceLock/DevicePasswordEnabled** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether device lock is enabled. @@ -5042,26 +6026,34 @@ SKU Support: > - MaxDevicePasswordFailedAttempts > - MaxInactivityTimeDeviceLock - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): Yes - - **DeviceLock/DevicePasswordExpiration** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies when the password expires (in days). @@ -5078,26 +6070,34 @@ SKU Support:

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): Yes - - **DeviceLock/DevicePasswordHistory** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies how many passwords can be stored in the history that can’t be used. @@ -5116,26 +6116,34 @@ SKU Support:

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): Yes - - **DeviceLock/EnforceLockScreenAndLogonImage** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcheck mark1check mark1cross markcross mark
    + +

    Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image. @@ -5145,26 +6153,34 @@ SKU Support:

    Value type is a string, which is the full image filepath and filename. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeviceLock/EnforceLockScreenProvider** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck mark1check mark1
    + +

    Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider. @@ -5174,26 +6190,34 @@ SKU Support:

    Value type is a string, which is the AppID. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeviceLock/MaxDevicePasswordFailedAttempts** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + + The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality. @@ -5217,26 +6241,34 @@ The number of authentication failures allowed before the device will be wiped. A

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): Yes - - **DeviceLock/MaxInactivityTimeDeviceLock** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy. @@ -5251,26 +6283,34 @@ SKU Support:

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): Yes - - **DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcross markcheck mark2check mark2
    + +

    Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display. @@ -5283,27 +6323,34 @@ SKU Support: - An integer X where 0 <= X <= 999. - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." - - - - -SKU Support: -- Home: No -- Pro: No -- Business: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **DeviceLock/MinDevicePasswordComplexCharacters** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. @@ -5378,26 +6425,34 @@ SKU Support:

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): Yes - - **DeviceLock/MinDevicePasswordLength** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies the minimum number or characters required in the PIN or password. @@ -5417,22 +6472,7 @@ SKU Support:

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): Yes - - **DeviceLock/PreventLockScreenSlideShow** @@ -5444,8 +6484,6 @@ By default, users can enable a slide show that will run after they lock the mach If you enable this setting, users will no longer be able to modify slide show settings in PC Settings, and no slide show will ever start. - - ADMX Info: @@ -5459,6 +6497,29 @@ ADMX Info: **DeviceLock/ScreenTimeoutWhileLocked** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -5473,25 +6534,34 @@ ADMX Info:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No - - **Display/TurnOffGdiDPIScalingForApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. @@ -5508,27 +6578,34 @@ SKU Support: 1. Configure the setting for an app which has GDI DPI scaling enabled via MDM or any other supported mechanisms. 2. Run the app and observe blurry text. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Display/TurnOnGdiDPIScalingForApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. @@ -5545,191 +6622,217 @@ SKU Support: 1. Configure the setting for an app which uses GDI. 2. Run the app and observe crisp text. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **EnterpriseCloudPrint/CloudPrintOAuthAuthority** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + + -

    Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails. +

    Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens.

    The datatype is a string.

    The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs". - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **EnterpriseCloudPrint/CloudPrintOAuthClientId** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + + -

    Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails. +

    Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority.

    The datatype is a string.

    The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714". - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **EnterpriseCloudPrint/CloudPrintResourceId** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + + -

    Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails. +

    Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication.

    The datatype is a string.

    The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint". - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + + -

    Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails. +

    Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers.

    The datatype is a string.

    The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com". - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **EnterpriseCloudPrint/DiscoveryMaxPrinterLimit** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + + -

    Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails. +

    Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point.

    The datatype is an integer.

    For Windows Mobile, the default value is 20. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **EnterpriseCloudPrint/MopriaDiscoveryResourceId** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + + -

    Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails. +

    Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication.

    The datatype is a string.

    The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint". - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **ErrorReporting/CustomizeConsentSettings** @@ -5751,8 +6854,6 @@ If you enable this policy setting, you can add specific event types to a list by If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting. - - ADMX Info: @@ -5773,8 +6874,6 @@ If you enable this policy setting, Windows Error Reporting does not send any pro If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied. - - ADMX Info: @@ -5799,8 +6898,6 @@ If you do not configure this policy setting, users can change this setting in Co See also the Configure Error Reporting policy setting. - - ADMX Info: @@ -5821,8 +6918,6 @@ If you enable this policy setting, any additional data requests from Microsoft i If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence. - - ADMX Info: @@ -5843,8 +6938,6 @@ If you enable this policy setting, Windows Error Reporting does not display any If you disable or do not configure this policy setting, Windows Error Reporting displays the user interface for critical errors. - - ADMX Info: @@ -5867,8 +6960,6 @@ If you disable or do not configure this policy setting and a log file reaches it Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. - - ADMX Info: @@ -5889,8 +6980,6 @@ If you enable this policy setting, you can configure the maximum log file size t If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. - - ADMX Info: @@ -5911,8 +7000,6 @@ If you enable this policy setting, you can configure the maximum log file size t If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. - - ADMX Info: @@ -5933,8 +7020,6 @@ If you enable this policy setting, you can configure the maximum log file size t If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. - - ADMX Info: @@ -5948,6 +7033,29 @@ ADMX Info: **Experience/AllowCopyPaste** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -5961,26 +7069,34 @@ ADMX Info:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/AllowCortana** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device. @@ -5999,26 +7115,34 @@ SKU Support:

    An enterprise employee customer is going through OOBE and enjoys Cortana’s help in this process. The customer is happy to learn during OOBE that Cortana can help them be more productive, and chooses to set up Cortana before OOBE finishes. When their setup is finished, they are immediately ready to engage with Cortana to help manage their schedule and more. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/AllowDeviceDiscovery** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows users to turn on/off device discovery UX. @@ -6031,41 +7155,34 @@ SKU Support:

    Most restricted value is 0. - - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - - - -**Experience/AllowFindMyDevice** - - -

    Added in Windows 10, version 1703. This policy turns on Find My Device feature. - -

    When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. - -

    When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. - - - - **Experience/AllowManualMDMUnenrollment** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether to allow the user to delete the workplace account using the workplace control panel. @@ -6080,26 +7197,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/AllowSIMErrorDialogPromptWhenNoSIM** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -6112,26 +7237,34 @@ SKU Support: - 0 – SIM card dialog prompt is not displayed. - 1 (default) – SIM card dialog prompt is displayed. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/AllowScreenCapture** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -6146,26 +7279,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/AllowSyncMySettings** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows or disallows all Windows sync settings on the device. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices). @@ -6174,26 +7315,34 @@ SKU Support: - 0 – Sync settings is not allowed. - 1 (default) – Sync settings allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/AllowTailoredExperiencesWithDiagnosticData** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -6211,14 +7360,34 @@ SKU Support:

    Most restricted value is 0. - - - **Experience/AllowTaskSwitcher** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -6231,26 +7400,34 @@ SKU Support: - 0 – Task switching not allowed. - 1 (default) – Task switching allowed. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/AllowThirdPartySuggestionsInWindowsSpotlight** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. @@ -6263,26 +7440,34 @@ SKU Support: - 0 – Third-party suggestions not allowed. - 1 (default) – Third-party suggestions allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/AllowVoiceRecording** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -6297,26 +7482,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/AllowWindowsConsumerFeatures** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -6338,26 +7531,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/AllowWindowsSpotlight** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcheck mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is only available for Windows 10 Enterprise and Windows 10 Education. @@ -6372,26 +7573,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/AllowWindowsSpotlightOnActionCenter** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcheck mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -6405,14 +7614,34 @@ SKU Support:

    Most restricted value is 0. - - - **Experience/AllowWindowsSpotlightWindowsWelcomeExperience** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcheck mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -6427,14 +7656,34 @@ The Windows welcome experience feature introduces onboard users to Windows; for

    Most restricted value is 0. - - - **Experience/AllowWindowsTips** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + Enables or disables Windows Tips / soft landing. @@ -6443,26 +7692,34 @@ Enables or disables Windows Tips / soft landing. - 0 – Disabled. - 1 (default) – Enabled. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/ConfigureWindowsSpotlightOnLockScreen** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcheck mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is only available for Windows 10 Enterprise and Windows 10 Education. @@ -6476,26 +7733,34 @@ SKU Support: - 1 (default) – Windows spotlight enabled. - 2 – placeholder only for future extension. Using this value has no effect. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Experience/DoNotShowFeedbackNotifications** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Prevents devices from showing feedback questions from Microsoft. @@ -6508,22 +7773,7 @@ SKU Support: - 0 (default) – Feedback notifications are not disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally. - 1 – Feedback notifications are disabled. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Games/AllowAdvancedGamingServices** @@ -6531,9 +7781,6 @@ SKU Support:

    Placeholder only. Currently not supported. - - - @@ -6546,8 +7793,6 @@ If you enable this policy setting, the user can add and remove search providers, If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration. - - ADMX Info: @@ -6568,8 +7813,6 @@ If you enable this policy setting, ActiveX Filtering is enabled by default for t If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off. - - ADMX Info: @@ -6596,8 +7839,6 @@ Value - A number indicating whether Internet Explorer should deny or allow the a If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied. - - ADMX Info: @@ -6620,8 +7861,6 @@ If you disable this policy setting, Enhanced Protected Mode will be turned off. If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog. - - ADMX Info: @@ -6642,8 +7881,6 @@ If you turn this setting on, users can see and use the Enterprise Mode option fr If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode. - - ADMX Info: @@ -6664,8 +7901,6 @@ If you enable this policy setting, Internet Explorer downloads the website list If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode. - - ADMX Info: @@ -6686,8 +7921,6 @@ If you enable this policy setting, the user can add and remove sites from the li If you disable or do not configure this policy setting, the user can add and remove sites from the list. - - ADMX Info: @@ -6709,8 +7942,6 @@ If you disable this policy setting, Internet Explorer uses an Internet Explorer If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer. - - ADMX Info: @@ -6737,8 +7968,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - - ADMX Info: @@ -6765,8 +7994,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - - ADMX Info: @@ -6793,8 +8020,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - - ADMX Info: @@ -6821,8 +8046,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - - ADMX Info: @@ -6849,8 +8072,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - - ADMX Info: @@ -6877,8 +8098,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - - ADMX Info: @@ -6905,8 +8124,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - - ADMX Info: @@ -6927,8 +8144,6 @@ If you enable this policy setting, Internet Explorer goes directly to an intrane If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar. - - ADMX Info: @@ -6955,8 +8170,6 @@ Value - A number indicating the zone with which this site should be associated f If you disable or do not configure this policy, users may choose their own site-to-zone assignments. - - ADMX Info: @@ -6979,8 +8192,6 @@ If you disable this policy setting, the entry points and functionality associate If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature. - - ADMX Info: @@ -7007,8 +8218,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - - ADMX Info: @@ -7035,8 +8244,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - - ADMX Info: @@ -7062,8 +8269,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - - ADMX Info: @@ -7086,8 +8291,6 @@ If you disable, or do not configure this policy setting, Flash is turned on for Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library. - - ADMX Info: @@ -7108,8 +8311,6 @@ If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. - - ADMX Info: @@ -7130,8 +8331,6 @@ If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. - - ADMX Info: @@ -7154,8 +8353,6 @@ If you disable this policy setting, the user must participate in the CEIP, and t If you do not configure this policy setting, the user can choose to participate in the CEIP. - - ADMX Info: @@ -7176,8 +8373,6 @@ If you enable this policy setting, the user cannot set the Feed Sync Engine to d If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs. - - ADMX Info: @@ -7200,8 +8395,6 @@ If you disable or do not configure this policy setting, the user can select whic Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0. - - ADMX Info: @@ -7226,8 +8419,6 @@ Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not avail If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation. - - ADMX Info: @@ -7252,8 +8443,6 @@ If you disable this policy setting, flip ahead with page prediction is turned on If you don't configure this setting, users can turn this behavior on or off, using the Settings charm. - - ADMX Info: @@ -7274,8 +8463,6 @@ If you enable this policy setting, a user cannot set a custom default home page. If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page. - - ADMX Info: @@ -7296,8 +8483,6 @@ If you enable this policy setting, the user will not be able to configure proxy If you disable or do not configure this policy setting, the user can configure proxy settings. - - ADMX Info: @@ -7318,8 +8503,6 @@ If you enable this policy setting, the user cannot change the default search pro If you disable or do not configure this policy setting, the user can change the default search provider. - - ADMX Info: @@ -7342,8 +8525,6 @@ If you disable or do not configure this policy setting, the user can add seconda Note: If the Disable Changing Home Page Settings policy is enabled, the user cannot add secondary home pages. - - ADMX Info: @@ -7366,8 +8547,6 @@ If you disable this policy or do not configure it, Internet Explorer checks ever This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser. - - ADMX Info: @@ -7394,8 +8573,6 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Ad Also, see the "Security zones: Use only machine settings" policy. - - ADMX Info: @@ -7422,8 +8599,6 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Adm Also, see the "Security zones: Use only machine settings" policy. - - ADMX Info: @@ -7446,8 +8621,6 @@ If you disable or don't configure this policy setting, Internet Explorer continu For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library. - - ADMX Info: @@ -7474,8 +8647,6 @@ If you disable or don't configure this policy setting, the list is deleted and I For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library. - - ADMX Info: @@ -7498,8 +8669,6 @@ If you disable this policy setting, local sites which are not explicitly mapped If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone. - - ADMX Info: @@ -7522,8 +8691,6 @@ If you disable this policy setting, network paths are not necessarily mapped int If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone. - - ADMX Info: @@ -7546,8 +8713,6 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - - ADMX Info: @@ -7570,8 +8735,6 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - - ADMX Info: @@ -7592,8 +8755,6 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - - ADMX Info: @@ -7616,8 +8777,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - - ADMX Info: @@ -7640,8 +8799,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. - - ADMX Info: @@ -7664,8 +8821,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. - - ADMX Info: @@ -7688,8 +8843,6 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - - ADMX Info: @@ -7714,8 +8867,6 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - - ADMX Info: @@ -7738,8 +8889,6 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - - ADMX Info: @@ -7764,8 +8913,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - - ADMX Info: @@ -7788,8 +8935,6 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - - ADMX Info: @@ -7812,8 +8957,6 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. - - ADMX Info: @@ -7836,8 +8979,6 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. - - ADMX Info: @@ -7858,8 +8999,6 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. - - ADMX Info: @@ -7882,8 +9021,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - - ADMX Info: @@ -7906,8 +9043,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. - - ADMX Info: @@ -7930,8 +9065,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. - - ADMX Info: @@ -7954,8 +9087,6 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - - ADMX Info: @@ -7980,8 +9111,6 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - - ADMX Info: @@ -8004,8 +9133,6 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - - ADMX Info: @@ -8030,8 +9157,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - - ADMX Info: @@ -8054,8 +9179,6 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - - ADMX Info: @@ -8078,8 +9201,6 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - - ADMX Info: @@ -8102,8 +9223,6 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. - - ADMX Info: @@ -8124,8 +9243,6 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. - - ADMX Info: @@ -8148,8 +9265,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - - ADMX Info: @@ -8172,8 +9287,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - - ADMX Info: @@ -8196,8 +9309,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - - ADMX Info: @@ -8220,8 +9331,6 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - - ADMX Info: @@ -8246,8 +9355,6 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - - ADMX Info: @@ -8270,8 +9377,6 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - - ADMX Info: @@ -8296,8 +9401,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. - - ADMX Info: @@ -8320,8 +9423,6 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - - ADMX Info: @@ -8344,8 +9445,6 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - - ADMX Info: @@ -8368,8 +9467,6 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - - ADMX Info: @@ -8390,8 +9487,6 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - - ADMX Info: @@ -8414,8 +9509,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - - ADMX Info: @@ -8438,8 +9531,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - - ADMX Info: @@ -8462,8 +9553,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - - ADMX Info: @@ -8486,8 +9575,6 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - - ADMX Info: @@ -8512,8 +9599,6 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - - ADMX Info: @@ -8536,8 +9621,6 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - - ADMX Info: @@ -8562,8 +9645,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - - ADMX Info: @@ -8586,8 +9667,6 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - - ADMX Info: @@ -8610,8 +9689,6 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. - - ADMX Info: @@ -8634,8 +9711,6 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - - ADMX Info: @@ -8656,8 +9731,6 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - - ADMX Info: @@ -8680,8 +9753,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - - ADMX Info: @@ -8704,8 +9775,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - - ADMX Info: @@ -8728,8 +9797,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - - ADMX Info: @@ -8752,8 +9819,6 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - - ADMX Info: @@ -8778,8 +9843,6 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - - ADMX Info: @@ -8802,8 +9865,6 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - - ADMX Info: @@ -8828,8 +9889,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - - ADMX Info: @@ -8852,8 +9911,6 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - - ADMX Info: @@ -8876,8 +9933,6 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - - ADMX Info: @@ -8900,8 +9955,6 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - - ADMX Info: @@ -8922,8 +9975,6 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - - ADMX Info: @@ -8946,8 +9997,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - - ADMX Info: @@ -8970,8 +10019,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - - ADMX Info: @@ -8994,8 +10041,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - - ADMX Info: @@ -9018,8 +10063,6 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - - ADMX Info: @@ -9044,8 +10087,6 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - - ADMX Info: @@ -9068,8 +10109,6 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - - ADMX Info: @@ -9094,8 +10133,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - - ADMX Info: @@ -9118,8 +10155,6 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - - ADMX Info: @@ -9142,8 +10177,6 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - - ADMX Info: @@ -9166,8 +10199,6 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - - ADMX Info: @@ -9188,8 +10219,6 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - - ADMX Info: @@ -9212,8 +10241,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. - - ADMX Info: @@ -9236,8 +10263,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - - ADMX Info: @@ -9260,8 +10285,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - - ADMX Info: @@ -9284,8 +10307,6 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - - ADMX Info: @@ -9310,8 +10331,6 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - - ADMX Info: @@ -9334,8 +10353,6 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - - ADMX Info: @@ -9360,8 +10377,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - - ADMX Info: @@ -9384,8 +10399,6 @@ If you disable this policy setting, users cannot open other windows and frames f If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. - - ADMX Info: @@ -9408,8 +10421,6 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - - ADMX Info: @@ -9432,8 +10443,6 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - - ADMX Info: @@ -9454,8 +10463,6 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - - ADMX Info: @@ -9478,8 +10485,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - - ADMX Info: @@ -9502,8 +10507,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - - ADMX Info: @@ -9526,8 +10529,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - - ADMX Info: @@ -9550,8 +10551,6 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - - ADMX Info: @@ -9576,8 +10575,6 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - - ADMX Info: @@ -9600,8 +10597,6 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - - ADMX Info: @@ -9626,8 +10621,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - - ADMX Info: @@ -9650,8 +10643,6 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - - ADMX Info: @@ -9674,8 +10665,6 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - - ADMX Info: @@ -9698,8 +10687,6 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - - ADMX Info: @@ -9720,8 +10707,6 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - - ADMX Info: @@ -9744,8 +10729,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. - - ADMX Info: @@ -9768,8 +10751,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - - ADMX Info: @@ -9792,8 +10773,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - - ADMX Info: @@ -9816,8 +10795,6 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - - ADMX Info: @@ -9842,8 +10819,6 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - - ADMX Info: @@ -9866,8 +10841,6 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - - ADMX Info: @@ -9892,8 +10865,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - - ADMX Info: @@ -9916,8 +10887,6 @@ If you disable this policy setting, users cannot open other windows and frames f If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. - - ADMX Info: @@ -9938,8 +10907,6 @@ If you enable this policy setting, the user cannot configure the list of search If you disable or do not configure this policy setting, the user can configure his or her list of search providers. - - ADMX Info: @@ -9962,8 +10929,6 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - - ADMX Info: @@ -9986,8 +10951,6 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. - - ADMX Info: @@ -10008,8 +10971,6 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. - - ADMX Info: @@ -10032,8 +10993,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - - ADMX Info: @@ -10056,8 +11015,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur. - - ADMX Info: @@ -10080,8 +11037,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. - - ADMX Info: @@ -10104,8 +11059,6 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - - ADMX Info: @@ -10130,8 +11083,6 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - - ADMX Info: @@ -10154,8 +11105,6 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - - ADMX Info: @@ -10180,8 +11129,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. - - ADMX Info: @@ -10204,8 +11151,6 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - - ADMX Info: @@ -10226,8 +11171,6 @@ If you enable this policy setting, the Kerberos client searches the forests in t If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used. - - ADMX Info: @@ -10246,9 +11189,6 @@ If you enable this policy setting, the client computers will request claims, pro If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition. - - - ADMX Info: @@ -10273,9 +11213,6 @@ Note: The Kerberos Group Policy "Kerberos client support for claims, compound au If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain. - - - ADMX Info: @@ -10296,9 +11233,6 @@ If you enable this policy setting, the Kerberos client requires that the KDC's X If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server. - - - ADMX Info: @@ -10323,10 +11257,6 @@ If you disable or do not configure this policy setting, the Kerberos client or s Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes. - - - - ADMX Info: @@ -10340,6 +11270,29 @@ ADMX Info: **Licensing/AllowWindowsEntitlementReactivation** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + +

    Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices. @@ -10348,26 +11301,34 @@ ADMX Info: - 0 – Disable Windows license reactivation on managed devices. - 1 (default) – Enable Windows license reactivation on managed devices. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Licensing/DisallowKMSClientOnlineAVSValidation** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + +

    Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. @@ -10376,26 +11337,34 @@ SKU Support: - 0 (default) – Disabled. - 1 – Enabled. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Location/EnableLocation** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark2check mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page. @@ -10412,26 +11381,34 @@ SKU Support: 1. Verify that Settings -> Privacy -> Location -> Location for this device is On/Off as expected. 2. Use Windows Maps Application (or similar) to see if a location can or cannot be obtained. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes - - **LockDown/AllowEdgeSwipe** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + +

    Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch. @@ -10442,26 +11419,34 @@ SKU Support:

    The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Maps/AllowOfflineMapsDownloadOverMeteredConnection** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Allows the download and update of map data over metered connections. @@ -10473,26 +11458,34 @@ SKU Support:

    After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Maps/EnableOfflineMapsAutoUpdate** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Disables the automatic download and update of map data. @@ -10504,26 +11497,34 @@ SKU Support:

    After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Messaging/AllowMMS** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcross markcheck mark2check mark2
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -10535,14 +11536,34 @@ SKU Support: - 0 - Disabled. - 1 (default) - Enabled. - - - **Messaging/AllowMessageSync** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck mark1check mark1
    + +

    Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control. @@ -10551,26 +11572,34 @@ SKU Support: - 0 - message sync is not allowed and cannot be changed by the user. - 1 - message sync is allowed. The user can change this setting. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Messaging/AllowRCS** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcross markcheck mark2check mark2
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -10582,37 +11611,65 @@ SKU Support: - 0 - Disabled. - 1 (default) - Enabled. - - - **NetworkIsolation/EnterpriseCloudResources** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **<*cloudresource*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|**. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **NetworkIsolation/EnterpriseIPRange** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. For example: @@ -10625,72 +11682,96 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ``` - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **NetworkIsolation/EnterpriseIPRangesAreAuthoritative** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **NetworkIsolation/EnterpriseInternalProxyServers** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **NetworkIsolation/EnterpriseNetworkDomainNames** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com". @@ -10704,98 +11785,137 @@ SKU Support: 2. Call [IdnToAscii](https://msdn.microsoft.com/library/windows/desktop/dd318149.aspx) with IDN\_USE\_STD3\_ASCII\_RULES as the flags. 3. Call [IdnToUnicode](https://msdn.microsoft.com/library/windows/desktop/dd318151.aspx) with no flags set (dwFlags = 0). - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **NetworkIsolation/EnterpriseProxyServers** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **NetworkIsolation/EnterpriseProxyServersAreAuthoritative** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **NetworkIsolation/NeutralResources** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    List of domain names that can used for work or personal resource. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Notifications/DisallowNotificationMirroring** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Boolean value that turns off notification mirroring. +> [!IMPORTANT] +> This node must be accessed using the following paths: +> +> - **./User/Vendor/MSFT/Policy/Config/Notifications/DisallowNotificationMirroring** to set the policy. +> - **./User/Vendor/MSFT/Policy/Result/Notifications/DisallowNotificationMirroring** to get the result. + +

    For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.

    No reboot or service restart is required for this policy to take effect. @@ -10805,22 +11925,7 @@ SKU Support: - 0 (default)– enable notification mirroring. - 1 – disable notification mirroring. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Power/AllowStandbyWhenSleepingPluggedIn** @@ -10832,8 +11937,6 @@ If you enable or do not configure this policy setting, Windows uses standby stat If you disable this policy setting, standby states (S1-S3) are not allowed. - - ADMX Info: @@ -10854,8 +11957,6 @@ If you enable or do not configure this policy setting, the user is prompted for If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. - - ADMX Info: @@ -10876,8 +11977,6 @@ If you enable or do not configure this policy setting, the user is prompted for If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. - - ADMX Info: @@ -10911,8 +12010,6 @@ If you disable this policy setting: -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). - - ADMX Info: @@ -10946,8 +12043,6 @@ If you disable this policy setting: -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). - - ADMX Info: @@ -10969,8 +12064,6 @@ If you disable this setting, this computer's shared printers cannot be published Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory". - - ADMX Info: @@ -10984,6 +12077,29 @@ ADMX Info: **Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check markcheck mark
    + +

    Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. @@ -10994,26 +12110,34 @@ ADMX Info:

    Most restricted value is 0. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/AllowInputPersonalization** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Updated in the next major update of Windows 10. Allows the usage of cloud based speech services for Cortana, dictation, or Store applications. Setting this policy to 1, lets Microsoft use the user's voice data to improve cloud speech services for all users. @@ -11025,25 +12149,34 @@ SKU Support:

    Most restricted value is 0.   - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/DisableAdvertisingId** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Enables or disables the Advertising ID. @@ -11055,26 +12188,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessAccountInfo** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can access account information. @@ -11086,95 +12227,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCalendar** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar. @@ -11186,95 +12359,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCalendar_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCalendar_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCallHistory** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can access call history. @@ -11286,95 +12491,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCamera** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera. @@ -11386,95 +12623,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCamera_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCamera_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessCamera_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessContacts** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts. @@ -11486,95 +12755,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessContacts_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessContacts_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessContacts_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessEmail** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can access email. @@ -11586,95 +12887,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessEmail_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessEmail_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessEmail_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessLocation** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can access location. @@ -11686,95 +13019,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessLocation_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessLocation_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessLocation_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMessaging** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS). @@ -11786,95 +13151,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMessaging_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMessaging_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMicrophone** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone. @@ -11886,95 +13283,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMotion** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data. @@ -11986,95 +13415,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMotion_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMotion_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessMotion_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessNotifications** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications. @@ -12086,95 +13547,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessNotifications_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessNotifications_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessPhone** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls. @@ -12186,95 +13679,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessPhone_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessPhone_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessPhone_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessRadios** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios. @@ -12286,187 +13811,251 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessRadios_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessRadios_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessRadios_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessTasks** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessTasks_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessTasks_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessTasks_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessTrustedDevices** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices. @@ -12478,95 +14067,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsGetDiagnosticInfo** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. @@ -12578,95 +14199,127 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsRunInBackground** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background. @@ -12680,95 +14333,127 @@ SKU Support: > [!WARNING] > Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsRunInBackground_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsRunInBackground_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsRunInBackground_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsSyncWithDevices** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices. @@ -12780,91 +14465,100 @@ SKU Support:

    Most restricted value is 2. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **RemoteAssistance/CustomizeWarningMessages** @@ -12882,8 +14576,6 @@ If you disable this policy setting, the user sees the default warning message. If you do not configure this policy setting, the user sees the default warning message. - - ADMX Info: @@ -12906,8 +14598,6 @@ If you disable this policy setting, log files are not generated. If you do not configure this setting, application-based settings are used. - - ADMX Info: @@ -12938,8 +14628,6 @@ The "Select the method for sending email invitations" setting specifies which em If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications. - - ADMX Info: @@ -12993,8 +14681,6 @@ Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe Allow Remote Desktop Exception - - ADMX Info: @@ -13020,9 +14706,6 @@ Note: You can limit which clients are able to connect remotely by using Remote D You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider. - - - ADMX Info: @@ -13053,9 +14736,6 @@ Important FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption. - - - ADMX Info: @@ -13080,9 +14760,6 @@ If you disable this policy setting, client drive redirection is always allowed. If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level. - - - ADMX Info: @@ -13103,8 +14780,6 @@ If you enable this setting the password saving checkbox in Remote Desktop Connec If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection. - - ADMX Info: @@ -13131,9 +14806,6 @@ If you disable this policy setting, users can always log on to Remote Desktop Se If you do not configure this policy setting, automatic logon is not specified at the Group Policy level. - - - ADMX Info: @@ -13160,8 +14832,6 @@ If the status is set to Not Configured, unsecured communication is allowed. Note: The RPC interface is used for administering and configuring Remote Desktop Services. - - ADMX Info: @@ -13186,8 +14856,6 @@ If you do not configure this policy setting, it remains disabled. RPC clients w Note: This policy will not be applied until the system is rebooted. - - ADMX Info: @@ -13220,8 +14888,6 @@ If you enable this policy setting, it directs the RPC server runtime to restrict Note: This policy setting will not be applied until the system is rebooted. - - ADMX Info: @@ -13235,6 +14901,29 @@ ADMX Info: **Search/AllowIndexingEncryptedStoresOrItems** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files. @@ -13249,26 +14938,34 @@ ADMX Info:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Search/AllowSearchToUseLocation** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether search can leverage location information. @@ -13279,26 +14976,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): Yes - - **Search/AllowUsingDiacritics** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows the use of diacritics. @@ -13309,26 +15014,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Search/AlwaysUseAutoLangDetection** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether to always use automatic language detection when indexing content and properties. @@ -13339,26 +15052,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Search/DisableBackoff** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled. @@ -13367,26 +15088,34 @@ SKU Support: - 0 (default) – Disable. - 1 – Enable. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Search/DisableRemovableDriveIndexing** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    This policy setting configures whether or not locations on removable drives can be added to libraries. @@ -13399,26 +15128,34 @@ SKU Support: - 0 (default) – Disable. - 1 – Enable. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Search/PreventIndexingLowDiskSpaceMB** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 2147483647 MB. @@ -13431,26 +15168,34 @@ SKU Support: - 0 – Disable. - 1 (default) – Enable. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Search/PreventRemoteQueries** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index.. @@ -13459,26 +15204,34 @@ SKU Support: - 0 – Disable. - 1 (default) – Enable. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Search/SafeSearchPermissions** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -13493,26 +15246,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Security/AllowAddProvisioningPackage** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether to allow the runtime configuration agent to install provisioning packages. @@ -13521,26 +15282,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy has been deprecated in Windows 10, version 1607 @@ -13558,26 +15327,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Security/AllowManualRootCertificateInstallation** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -13592,26 +15369,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Security/AllowRemoveProvisioningPackage** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether to allow the runtime configuration agent to remove provisioning packages. @@ -13620,26 +15405,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Security/AntiTheftMode** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -13652,26 +15445,34 @@ SKU Support: - 0 – Don't allow Anti Theft Mode. - 1 (default) – Anti Theft Mode will follow the default device configuration (region-dependent). - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -13686,26 +15487,34 @@ SKU Support: - 0 (default) – Encryption enabled. - 1 – Encryption disabled. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Security/RequireDeviceEncryption** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck markcheck mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile. In Windows 10 for desktop, you can query encryption status by using the [DeviceStatus CSP](devicestatus-csp.md) node **DeviceStatus/Compliance/EncryptionCompliance**. @@ -13722,27 +15531,34 @@ SKU Support: > [!IMPORTANT] > If encryption has been enabled, it cannot be turned off by using this policy. - - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): Yes - - **Security/RequireProvisioningPackageSignature** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether provisioning packages must have a certificate signed by a device trusted authority. @@ -13751,26 +15567,34 @@ SKU Support: - 0 (default) – Not required. - 1 – Required. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Security/RequireRetrieveHealthCertificateOnBoot** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots. @@ -13790,26 +15614,34 @@ SKU Support:

    Most restricted value is 1. - - - - -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/AllowAutoPlay** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -13825,27 +15657,34 @@ SKU Support: > [!NOTE] > Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected. - - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/AllowDataSense** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows the user to change Data Sense settings. @@ -13854,26 +15693,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/AllowDateTime** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows the user to change date and time settings. @@ -13882,26 +15729,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/AllowEditDeviceName** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcheck mark1check mark1
    + +

    Allows editing of the device name. @@ -13910,26 +15765,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: No -- Education: No -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/AllowLanguage** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -13942,26 +15805,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/AllowPowerSleep** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -13974,26 +15845,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/AllowRegion** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -14006,26 +15885,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/AllowSignInOptions** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -14038,26 +15925,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/AllowVPN** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows the user to change VPN settings. @@ -14066,26 +15961,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/AllowWorkplace** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -14098,26 +16001,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/AllowYourAccount** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows user to change account settings. @@ -14126,26 +16037,34 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/ConfigureTaskbarCalendar** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale. @@ -14156,27 +16075,34 @@ SKU Support: - 2 - Simplified Chinese (Lunar). - 3 - Traditional Chinese (Lunar). - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Settings/PageVisibilityList** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. @@ -14210,27 +16136,34 @@ SKU Support: 2. Configure the policy with the following string: "hide:about". 3. Open System Settings again and verify that the About page is no longer accessible. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **SmartScreen/EnableAppInstallControl** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. @@ -14239,27 +16172,34 @@ SKU Support: - 0 – Turns off Application Installation Control, allowing users to download and install files from anywhere on the web. - 1 – Turns on Application Installation Control, allowing users to only install apps from the Store. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **SmartScreen/EnableSmartScreenInShell** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows. @@ -14268,27 +16208,34 @@ SKU Support: - 0 – Turns off SmartScreen in Windows. - 1 – Turns on SmartScreen in Windows. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **SmartScreen/PreventOverrideForFilesInShell** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files. @@ -14297,27 +16244,34 @@ SKU Support: - 0 – Employees can ignore SmartScreen warnings and run malicious files. - 1 – Employees cannot ignore SmartScreen warnings and run malicious files. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Speech/AllowSpeechModelUpdate** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    check mark1check mark1check mark1check mark1check mark1check mark1
    + +

    Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS). @@ -14326,26 +16280,404 @@ SKU Support: - 0 – Not allowed. - 1 (default) – Allowed. - - - + + +**Start/AllowPinnedFolderDocuments** + -SKU Support: -- Home: Yes -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu. + +

    The following list shows the supported values: + +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderDownloads** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + + +

    Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu. + +

    The following list shows the supported values: + +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderFileExplorer** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + + +

    Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu. + +

    The following list shows the supported values: + +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderHomeGroup** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + + +

    Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu. + +

    The following list shows the supported values: + +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderMusic** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + + +

    Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu. + +

    The following list shows the supported values: + +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderNetwork** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + + +

    Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu. + +

    The following list shows the supported values: + +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderPersonalFolder** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + + +

    Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu. + +

    The following list shows the supported values: + +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderPictures** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + + +

    Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu. + +

    The following list shows the supported values: + +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderSettings** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + + +

    Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu. + +

    The following list shows the supported values: + +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderVideos** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + + +

    Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu. + +

    The following list shows the supported values: + +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + **Start/ForceStartSize** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -14361,26 +16693,34 @@ SKU Support:

    If there is policy configuration conflict, the latest configuration request is applied to the device. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Start/HideAppList** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy requires reboot to take effect. @@ -14401,14 +16741,34 @@ SKU Support: - 2b - If set to '2': Verify that the all apps list is collapsed, and that the Settings toggle is grayed out. - 2c - If set to '3': Verify that there is no way of opening the all apps list from Start, and that the Settings toggle is grayed out. - - - **Start/HideChangeAccountSettings** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile. @@ -14422,14 +16782,34 @@ SKU Support: 1. Enable policy. 2. Open Start, click on the user tile, and verify that "Change account settings" is not available. - - - **Start/HideFrequentlyUsedApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy requires reboot to take effect. @@ -14450,14 +16830,34 @@ SKU Support: 5. Check that "Show most used apps" Settings toggle is grayed out. 6. Check that most used apps do not appear in Start. - - - **Start/HideHibernate** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button. @@ -14474,14 +16874,34 @@ SKU Support: > [!NOTE] > This policy can only be verified on laptops as "Hibernate" does not appear on regular PC's. - - - **Start/HideLock** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile. @@ -14495,14 +16915,34 @@ SKU Support: 1. Enable policy. 2. Open Start, click on the user tile, and verify "Lock" is not available. - - - **Start/HidePowerButton** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy requires reboot to take effect. @@ -14519,14 +16959,34 @@ SKU Support: 1. Enable policy. 2. Open Start, and verify the power button is not available. - - - **Start/HideRecentJumplists** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy requires reboot to take effect. @@ -14550,14 +17010,34 @@ SKU Support: 8. Repeat Step 2. 9. Right Click pinned photos app and verify that there is no jumplist of recent items. - - - **Start/HideRecentlyAddedApps** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy requires reboot to take effect. @@ -14578,14 +17058,34 @@ SKU Support: 5. Check that "Show recently added apps" Settings toggle is grayed out. 6. Check that recently added apps do not appear in Start. - - - **Start/HideRestart** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button. @@ -14599,14 +17099,34 @@ SKU Support: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available. - - - **Start/HideShutDown** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button. @@ -14620,14 +17140,34 @@ SKU Support: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available. - - - **Start/HideSignOut** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile. @@ -14641,14 +17181,34 @@ SKU Support: 1. Enable policy. 2. Open Start, click on the user tile, and verify "Sign out" is not available. - - - **Start/HideSleep** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button. @@ -14662,14 +17222,34 @@ SKU Support: 1. Enable policy. 2. Open Start, click on the Power button, and verify that "Sleep" is not available. - - - **Start/HideSwitchAccount** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile. @@ -14683,14 +17263,34 @@ SKU Support: 1. Enable policy. 2. Open Start, click on the user tile, and verify that "Switch account" is not available. - - - **Start/HideUserTile** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy requires reboot to take effect. @@ -14708,14 +17308,34 @@ SKU Support: 2. Log off. 3. Log in, and verify that the user tile is gone from Start. - - - **Start/ImportEdgeAssets** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy requires reboot to take effect. @@ -14734,14 +17354,34 @@ SKU Support: 3. Sign out/in. 4. Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path. - - - **Start/NoPinningToTaskbar** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar. @@ -14758,14 +17398,34 @@ SKU Support: 4. Open Start and right click on one of the app list icons. 5. Verify that More->Pin to taskbar menu does not show. - - - **Start/StartLayout** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcheck markcheck markcross markcross mark
    + + > [!IMPORTANT] > This node is set on a per-user basis and must be accessed using the following paths: @@ -14782,22 +17442,7 @@ SKU Support:

    This policy is described in [Start/StartLayout Examples](#startlayout-examples) later in this topic. - - - - -SKU Support: -- Home: No -- Pro: No -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Storage/EnhancedStorageDevices** @@ -14809,8 +17454,6 @@ If you enable this policy setting, Windows will not activate unactivated Enhance If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices. - - ADMX Info: @@ -14824,6 +17467,29 @@ ADMX Info: **System/AllowBuildPreview** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + + > [!NOTE] > This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, Windows 10 Mobile, and Windows 10 Mobile Enterprise. @@ -14839,26 +17505,34 @@ ADMX Info: - 1 – Allowed. Users can make their devices available for downloading and installing preview software. - 2 (default) – Not configured. Users can make their devices available for downloading and installing preview software. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **System/AllowEmbeddedMode** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether set general purpose device to be in embedded mode. @@ -14869,25 +17543,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes - - **System/AllowExperimentation** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + + > [!NOTE] > This policy is not supported in Windows 10, version 1607. @@ -14902,26 +17585,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **System/AllowFontProviders** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts. @@ -14941,26 +17632,34 @@ SKU Support: - After a client machine is rebooted, check whether there is any network traffic from client machine to fs.microsoft.com. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes - - **System/AllowLocation** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether to allow app access to the Location service. @@ -14978,26 +17677,34 @@ SKU Support:

    For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **System/AllowStorageCard** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card. @@ -15008,26 +17715,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): Yes - - **System/AllowTelemetry** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allow the device to send diagnostic and usage telemetry data, such as Watson. @@ -15093,26 +17808,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **System/AllowUserToResetPhone** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Specifies whether to allow the user to factory reset the phone by using control panel and hardware key combination. @@ -15123,22 +17846,7 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **System/BootStartDriverInitialization** @@ -15146,8 +17854,6 @@ SKU Support: N/A - - ADMX Info: @@ -15161,6 +17867,29 @@ ADMX Info: **System/DisableOneDriveFileSync** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting: @@ -15183,23 +17912,7 @@ ADMX Info: 2. Restart machine. 3. Verify that OneDrive.exe is not running in Task Manager. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **System/DisableSystemRestore** @@ -15217,8 +17930,6 @@ If you disable or do not configure this policy setting, users can perform System Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available. - - ADMX Info: @@ -15232,31 +17943,62 @@ ADMX Info: **System/TelemetryProxy** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device.

    If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): Yes - - **TextInput/AllowIMELogging** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15271,26 +18013,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TextInput/AllowIMENetworkAccess** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15305,26 +18055,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TextInput/AllowInputPanel** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15339,26 +18097,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TextInput/AllowJapaneseIMESurrogatePairCharacters** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15373,26 +18139,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TextInput/AllowJapaneseIVSCharacters** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15407,26 +18181,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TextInput/AllowJapaneseNonPublishingStandardGlyph** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15441,26 +18223,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TextInput/AllowJapaneseUserDictionary** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15475,26 +18265,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TextInput/AllowKeyboardTextSuggestions** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15514,23 +18312,7 @@ SKU Support: 2. Launch the input panel/touch keyboard by touching a text input field or launching it from the taskbar. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Show text suggestions as I type” setting is enabled in the Settings app. 3. Launch the handwriting tool from the touch keyboard. Verify that text prediction is disabled when you write using the tool. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TextInput/AllowKoreanExtendedHanja** @@ -15538,14 +18320,34 @@ SKU Support:

    This policy has been deprecated. - - - **TextInput/AllowLanguageFeaturesUninstall** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15560,26 +18362,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TextInput/ExcludeJapaneseIMEExceptJIS0208** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15592,26 +18402,34 @@ SKU Support: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 are filtered. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15624,26 +18442,34 @@ SKU Support: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 and EUDC are filtered. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TextInput/ExcludeJapaneseIMEExceptShiftJIS** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -15656,26 +18482,34 @@ SKU Support: - 0 (default) – No characters are filtered. - 1 – All characters except ShiftJIS are filtered. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **TimeLanguageSettings/AllowSet24HourClock** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcross markcheck mark2check mark2
    + +

    Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting. @@ -15684,14 +18518,34 @@ SKU Support: - 0 – Locale default setting. - 1 (default) – Set 24 hour clock. - - - **Update/ActiveHoursEnd** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcheck mark1
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -15706,26 +18560,34 @@ SKU Support:

    The default is 17 (5 PM). - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Update/ActiveHoursMaxRange** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -15737,14 +18599,34 @@ SKU Support:

    The default value is 18 (hours). - - - **Update/ActiveHoursStart** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcheck mark1
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -15759,26 +18641,69 @@ SKU Support:

    The default value is 8 (8 AM). - - - + + +**Update/AutoRestartDeadlinePeriodInDays** + -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcheck mark2
    + +

    Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory. + +

    Supported values are 2-30 days. + +

    The default value is 7 days. + + **Update/AllowAutoUpdate** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcheck mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -15803,26 +18728,34 @@ SKU Support:

    If the policy is not configured, end-users get the default behavior (Auto install and restart). - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Update/AllowMUUpdateService** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education @@ -15835,26 +18768,34 @@ SKU Support: - 0 – Not allowed or not configured. - 1 – Allowed. Accepts updates received through Microsoft Update. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Update/AllowNonMicrosoftSignedUpdate** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcheck mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -15871,26 +18812,34 @@ SKU Support:

    This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/AllowUpdateService** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcheck mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -15910,27 +18859,34 @@ SKU Support: > [!NOTE] > This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. - - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/AutoRestartNotificationSchedule** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -15942,14 +18898,34 @@ SKU Support:

    The default value is 15 (minutes). - - - **Update/AutoRestartRequiredNotificationDismissal** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -15962,14 +18938,34 @@ SKU Support: - 1 (default) – Auto Dismissal. - 2 – User Dismissal. - - - **Update/BranchReadinessLevel** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcheck mark1
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -15982,26 +18978,34 @@ SKU Support: - 16 (default) – User gets all applicable upgrades from Current Branch (CB). - 32 – User gets upgrades from Current Branch for Business (CBB). - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/DeferFeatureUpdatesPeriodInDays** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education. @@ -16014,26 +19018,34 @@ SKU Support: > [!IMPORTANT] > The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/DeferQualityUpdatesPeriodInDays** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcheck mark1
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16043,26 +19055,34 @@ SKU Support:

    Supported values are 0-30. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/DeferUpdatePeriod** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcheck mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16134,27 +19154,34 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego - - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Update/DeferUpgradePeriod** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcross mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education. @@ -16172,50 +19199,65 @@ SKU Support:

    If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Update/DetectionFrequency** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + +

    Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Update/EngagedRestartDeadline** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16227,14 +19269,34 @@ SKU Support:

    The default value is 0 days (not specified). - - - **Update/EngagedRestartSnoozeSchedule** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16246,14 +19308,34 @@ SKU Support:

    The default value is 3 days. - - - **Update/EngagedRestartTransitionSchedule** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16265,14 +19347,34 @@ SKU Support:

    The default value is 7 days. - - - **Update/ExcludeWUDriversInQualityUpdate** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education. @@ -16285,27 +19387,34 @@ SKU Support: - 0 (default) – Allow Windows Update drivers. - 1 – Exclude Windows Update drivers. - - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/FillEmptyContentUrls** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2cross markcheck mark2check mark2cross markcross mark
    + +

    Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). @@ -16317,27 +19426,34 @@ SKU Support: - 0 (default) – Disabled. - 1 – Enabled. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: No -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Update/IgnoreMOAppDownloadLimit** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + +

    Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. @@ -16359,28 +19475,34 @@ SKU Support: 3. Verify that any downloads that are above the download size limit will complete without being paused. - - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Update/IgnoreMOUpdateDownloadLimit** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + +

    Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. @@ -16400,28 +19522,34 @@ SKU Support: 3. Verify that any downloads that are above the download size limit will complete without being paused. - - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Update/PauseDeferrals** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcheck mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16440,26 +19568,34 @@ SKU Support:

    If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/PauseFeatureUpdates** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education. @@ -16473,51 +19609,67 @@ SKU Support: - 0 (default) – Feature Updates are not paused. - 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/PauseFeatureUpdatesStartTime** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcheck mark2
    + +

    Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates.

    Value type is string. Supported operations are Add, Get, Delete, and Replace. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/PauseQualityUpdates** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcheck mark1
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16529,51 +19681,67 @@ SKU Support: - 0 (default) – Quality Updates are not paused. - 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/PauseQualityUpdatesStartTime** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcheck mark2
    + +

    Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates.

    Value type is string. Supported operations are Add, Get, Delete, and Replace. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/RequireDeferUpgrade** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcheck mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16588,26 +19756,34 @@ SKU Support: - 0 (default) – User gets upgrades from Current Branch. - 1 – User gets upgrades from Current Branch for Business. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/RequireUpdateApproval** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcheck mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16627,26 +19803,34 @@ SKU Support: - 0 – Not configured. The device installs all applicable updates. - 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/ScheduleImminentRestartWarning** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16658,14 +19842,34 @@ SKU Support:

    The default value is 15 (minutes). - - - **Update/ScheduleRestartWarning** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16677,14 +19881,34 @@ SKU Support:

    The default value is 4 (hours). - - - **Update/ScheduledInstallDay** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcheck mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16707,26 +19931,34 @@ SKU Support: - 6 – Friday - 7 – Saturday - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/ScheduledInstallTime** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcheck mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16742,26 +19974,34 @@ SKU Support:

    The default value is 3. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/SetAutoRestartNotificationDisable** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16774,14 +20014,34 @@ SKU Support: - 0 (default) – Enabled - 1 – Disabled - - - **Update/SetEDURestart** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + +

    Added in Windows 10, version 1703. For devices in a cart, this policy skips the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. @@ -16790,27 +20050,34 @@ SKU Support: - 0 - not configured - 1 - configured - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Update/UpdateServiceUrl** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcross markcheck mark
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -16845,26 +20112,34 @@ Example ``` - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Update/UpdateServiceUrlAlternate** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + + > **Note**  This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. @@ -16881,22 +20156,7 @@ SKU Support: > If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates. > This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **WiFi/AllowWiFiHotSpotReporting** @@ -16904,14 +20164,34 @@ SKU Support:

    This policy has been deprecated. - - - **Wifi/AllowAutoConnectToWiFiSenseHotspots** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allow or disallow the device to automatically connect to Wi-Fi hotspots. @@ -16922,26 +20202,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Wifi/AllowInternetSharing** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allow or disallow internet sharing. @@ -16952,26 +20240,34 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): Yes - - **Wifi/AllowManualWiFiConfiguration** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1check markcheck mark
    + +

    Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks. @@ -16985,27 +20281,34 @@ SKU Support: > [!NOTE] > Setting this policy deletes any previously installed user-configured and Wi-Fi sense Wi-Fi profiles from the device. Certain Wi-Fi profiles that are not user configured nor Wi-Fi sense might not be deleted. In addition, not all non-MDM profiles are completely deleted. - - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **Wifi/AllowWiFi** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1check markcheck mark
    + +

    Allow or disallow WiFi connection. @@ -17016,53 +20319,68 @@ SKU Support:

    Most restricted value is 0. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): Yes - - **Wifi/AllowWiFiDirect** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Allow WiFi Direct connection.. - 0 - WiFi Direct connection is not allowed. - 1 - WiFi Direct connection is allowed. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **Wifi/WLANScanMode** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck markcheck markcheck markcheck markcheck mark
    + +

    Allow an enterprise to control the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. @@ -17072,26 +20390,34 @@ SKU Support:

    Supported operations are Add, Delete, Get, and Replace. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + +

    Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace. @@ -17100,26 +20426,34 @@ SKU Support: - 0 - app suggestions are not allowed. - 1 (default) -allow app suggestions. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **WindowsInkWorkspace/AllowWindowsInkWorkspace** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + +

    Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace. @@ -17129,22 +20463,7 @@ SKU Support: - 1 - ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen. - 2 (default) - ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **WindowsLogon/DisableLockScreenAppNotifications** @@ -17156,8 +20475,6 @@ If you enable this policy setting, no app notifications are displayed on the loc If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen. - - ADMX Info: @@ -17178,8 +20495,6 @@ If you enable this policy setting, the PC's network connectivity state cannot be If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows. - - ADMX Info: @@ -17193,6 +20508,29 @@ ADMX Info: **WindowsLogon/HideFastUserSwitching** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations. @@ -17206,80 +20544,102 @@ ADMX Info: 1. Enable policy. 2. Verify that the Switch account button in Start is hidden. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **WirelessDisplay/AllowProjectionFromPC** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC. - 0 - your PC cannot discover or project to other devices. - 1 - your PC can discover and project to other devices - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **WirelessDisplay/AllowProjectionFromPCOverInfrastructure** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure. - 0 - your PC cannot discover or project to other infrastructure devices, although it is possible to discover and project over WiFi Direct. - 1 - your PC can discover and project to other devices over infrastructure. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **WirelessDisplay/AllowProjectionToPC** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + +

    Added in Windows 10, version 1607. Allow or disallow turning off the projection to a PC. @@ -17290,49 +20650,41 @@ SKU Support: - 0 - projection to PC is not allowed. Always off and the user cannot enable it. - 1 (default) - projection to PC is allowed. Enabled only above the lock screen. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - - **WirelessDisplay/AllowProjectionToPCOverInfrastructure** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure. - 0 - your PC is not discoverable and other devices cannot project to it over infrastructure, although it is possible to project to it over WiFi Direct. - 1 - your PC is discoverable and other devices can project to it over infrastructure. - - - - -SKU Support: -- Home: No -- Pro: Yes -- Business: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: Yes -- Mobile Enterprise: Yes -- IoT Core: Yes -- Can be set using Exchange Active Sync (EAS): No - - **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** @@ -17340,19 +20692,34 @@ SKU Support:

    Added in Windows 10, version 1703. - - - - -SKU Support: -- Can be set using Exchange Active Sync (EAS): No - - **WirelessDisplay/RequirePinForPairing** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark1check mark1check mark1cross markcross mark
    + +

    Added in Windows 10, version 1607. Allow or disallow requirement for a PIN for pairing. @@ -17363,26 +20730,262 @@ SKU Support: - 0 (default) - PIN is not required. - 1 - PIN is required. - - - -SKU Support: -- Home: No -- Pro: Yes -- Enterprise: Yes -- Education: Yes -- Mobile: No -- Mobile Enterprise: No -- IoT Core: No -- Can be set using Exchange Active Sync (EAS): No - -

    + +Footnote: + +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. + + +## Policies Supported by IoT Core +- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) +- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) +- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) +- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) +- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist) +- [Browser/AllowAutofill](#browser-allowautofill) +- [Browser/AllowBrowser](#browser-allowbrowser) +- [Browser/AllowCookies](#browser-allowcookies) +- [Browser/AllowDoNotTrack](#browser-allowdonottrack) +- [Browser/AllowInPrivate](#browser-allowinprivate) +- [Browser/AllowPasswordManager](#browser-allowpasswordmanager) +- [Browser/AllowPopups](#browser-allowpopups) +- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) +- [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist) +- [Browser/EnterpriseSiteListServiceUrl](#browser-enterprisesitelistserviceurl) +- [Browser/SendIntranetTraffictoInternetExplorer](#browser-sendintranettraffictointernetexplorer) +- [Camera/AllowCamera](#camera-allowcamera) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) +- [Connectivity/AllowNFC](#connectivity-allownfc) +- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) +- [Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular) +- [Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular) +- [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess) +- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo) +- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps) +- [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground) +- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps) +- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps) +- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps) +- [Security/AllowAddProvisioningPackage](#security-allowaddprovisioningpackage) +- [Security/AllowRemoveProvisioningPackage](#security-allowremoveprovisioningpackage) +- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) +- [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature) +- [System/AllowEmbeddedMode](#system-allowembeddedmode) +- [System/AllowFontProviders](#system-allowfontproviders) +- [System/AllowStorageCard](#system-allowstoragecard) +- [System/TelemetryProxy](#system-telemetryproxy) +- [Update/AllowNonMicrosoftSignedUpdate](#update-allownonmicrosoftsignedupdate) +- [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/PauseDeferrals](#update-pausedeferrals) +- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) +- [Update/RequireUpdateApproval](#update-requireupdateapproval) +- [Update/ScheduledInstallDay](#update-scheduledinstallday) +- [Update/ScheduledInstallTime](#update-scheduledinstalltime) +- [Update/UpdateServiceUrl](#update-updateserviceurl) +- [Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots) +- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing) +- [Wifi/AllowWiFi](#wifi-allowwifi) +- [Wifi/WLANScanMode](#wifi-wlanscanmode) + + + +## Policies supported by Windows Holographic for Business + +- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection) +- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps) +- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate) +- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) +- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) +- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) +- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) +- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Browser/AllowCookies](#browser-allowcookies) +- [Browser/AllowDoNotTrack](#browser-allowdonottrack) +- [Browser/AllowPasswordManager](#browser-allowpasswordmanager) +- [Browser/AllowPopups](#browser-allowpopups) +- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) +- [Browser/AllowSmartScreen](#browser-allowsmartscreen) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword) +- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) +- [Experience/AllowCortana](#experience-allowcortana) +- [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment) +- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo) +- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps) +- [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground) +- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps) +- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps) +- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps) +- [System/AllowFontProviders](#system-allowfontproviders) +- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) +- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) +- [Settings/AllowDateTime](#settings-allowdatetime) +- [Settings/AllowVPN](#settings-allowvpn) +- [System/AllowLocation](#system-allowlocation) +- [System/AllowTelemetry](#system-allowtelemetry) +- [Update/AllowAutoUpdate](#update-allowautoupdate) +- [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) +- [Update/RequireUpdateApproval](#update-requireupdateapproval) +- [Update/UpdateServiceUrl](#update-updateserviceurl) + + + +## Policies supported by Microsoft Surface Hub + +- [ApplicationDefaults/DefaultAssociationsConfiguration](#applicationdefaults-defaultassociationsconfiguration) +- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) +- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) +- [Bluetooth/AllowPrepairing](#bluetooth-allowprepairing) +- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist) +- [Browser/AllowAddressBarDropdown](#browser-allowaddressbardropdown) +- [Browser/AllowCookies](#browser-allowcookies) +- [Browser/AllowDeveloperTools](#browser-allowdevelopertools) +- [Browser/AllowDoNotTrack](#browser-allowdonottrack) +- [Browser/AllowMicrosoftCompatibilityList](#browser-allowmicrosoftcompatibilitylist) +- [Browser/AllowPopups](#browser-allowpopups) +- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) +- [Browser/AllowSmartScreen](#browser-allowsmartscreen) +- [Browser/ClearBrowsingDataOnExit](#browser-clearbrowsingdataonexit) +- [Browser/ConfigureAdditionalSearchEngines](#browser-configureadditionalsearchengines) +- [Browser/DisableLockdownOfStartPages](#browser-disablelockdownofstartpages) +- [Browser/HomePages](#browser-homepages) +- [Browser/PreventLiveTileDataCollection](#browser-preventlivetiledatacollection) +- [Browser/PreventSmartScreenPromptOverride](#browser-preventsmartscreenpromptoverride) +- [Browser/PreventSmartScreenPromptOverrideForFiles](#browser-preventsmartscreenpromptoverrideforfiles) +- [Browser/SetDefaultSearchEngine](#browser-setdefaultsearchengine) +- [Camera/AllowCamera](#camera-allowcamera) +- [ConfigOperations/ADMXInstall](#configoperations-admxinstall) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Connectivity/AllowConnectedDevices](#connectivity-allowconnecteddevices) +- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy) +- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites) +- [Defender/AllowArchiveScanning](#defender-allowarchivescanning) +- [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring) +- [Defender/AllowCloudProtection](#defender-allowcloudprotection) +- [Defender/AllowEmailScanning](#defender-allowemailscanning) +- [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives) +- [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning) +- [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem) +- [Defender/AllowIOAVProtection](#defender-allowioavprotection) +- [Defender/AllowOnAccessProtection](#defender-allowonaccessprotection) +- [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring) +- [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles) +- [Defender/AllowScriptScanning](#defender-allowscriptscanning) +- [Defender/AllowUserUIAccess](#defender-allowuseruiaccess) +- [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor) +- [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware) +- [Defender/ExcludedExtensions](#defender-excludedextensions) +- [Defender/ExcludedPaths](#defender-excludedpaths) +- [Defender/ExcludedProcesses](#defender-excludedprocesses) +- [Defender/PUAProtection](#defender-puaprotection) +- [Defender/RealTimeScanDirection](#defender-realtimescandirection) +- [Defender/ScanParameter](#defender-scanparameter) +- [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime) +- [Defender/ScheduleScanDay](#defender-schedulescanday) +- [Defender/ScheduleScanTime](#defender-schedulescantime) +- [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval) +- [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent) +- [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction) +- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize) +- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching) +- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode) +- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid) +- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage) +- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize) +- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth) +- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth) +- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos) +- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer) +- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache) +- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer) +- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive) +- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) +- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) +- [DeviceGuard/AllowKernelControlFlowGuard](#deviceguard-allowkernelcontrolflowguard) +- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo) +- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps) +- [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground) +- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps) +- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps) +- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps) +- [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature) +- [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot) +- [System/AllowFontProviders](#system-allowfontproviders) +- [System/AllowLocation](#system-allowlocation) +- [System/AllowTelemetry](#system-allowtelemetry) +- [TextInput/AllowIMELogging](#textinput-allowimelogging) +- [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess) +- [TextInput/AllowInputPanel](#textinput-allowinputpanel) +- [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters) +- [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters) +- [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph) +- [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary) +- [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall) +- [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208) +- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc) +- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis) +- [TimeLanguageSettings/Set24HourClock](#timelanguagesettings-set24hourclock) +- [TimeLanguageSettings/SetCountry](#timelanguagesettings-setcountry) +- [TimeLanguageSettings/SetLanguage](#timelanguagesettings-setlanguage) +- [Update/AllowAutoUpdate](#update-allowautoupdate) +- [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/AutoRestartNotificationSchedule](#update-autorestartnotificationschedule) +- [Update/AutoRestartRequiredNotificationDismissal](#update-autorestartrequirednotificationdismissal) +- [Update/BranchReadinessLevel](#update-branchreadinesslevel) +- [Update/DeferFeatureUpdatesPeriodInDays](#update-deferfeatureupdatesperiodindays) +- [Update/DeferQualityUpdatesPeriodInDays](#update-deferqualityupdatesperiodindays) +- [Update/DetectionFrequency](#update-detectionfrequency) +- [Update/PauseFeatureUpdates](#update-pausefeatureupdates) +- [Update/PauseQualityUpdates](#update-pausequalityupdates) +- [Update/ScheduleImminentRestartWarning](#update-scheduleimminentrestartwarning) +- [Update/ScheduleRestartWarning](#update-schedulerestartwarning) +- [Update/SetAutoRestartNotificationDisable](#update-setautorestartnotificationdisable) +- [Update/UpdateServiceUrl](#update-updateserviceurl) +- [Update/UpdateServiceUrlAlternate](#update-updateserviceurlalternate) + + + +## Policies that can be set using Exchange Active Sync (EAS) + +- [Browser/AllowBrowser](#browser-allowbrowser) +- [Camera/AllowCamera](#camera-allowcamera) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) +- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) +- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) +- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) +- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) +- [DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration) +- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) +- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) +- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) +- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) +- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) +- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) +- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) +- [System/AllowStorageCard](#system-allowstoragecard) +- [System/TelemetryProxy](#system-telemetryproxy) +- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing) +- [Wifi/AllowWiFi](#wifi-allowwifi) + ## Examples diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index 6a264c5bd0..3a2d11e3db 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -1,19 +1,14 @@ --- title: Policy DDF file description: Policy DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: D90791B5-A772-4AF8-B058-5D566865AF8D -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Policy DDF file This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md index b2d7289982..8124940a17 100644 --- a/windows/client-management/mdm/policymanager-csp.md +++ b/windows/client-management/mdm/policymanager-csp.md @@ -1,19 +1,14 @@ --- title: PolicyManager CSP description: PolicyManager CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 048427b1-6024-4660-8660-bd91c583f7f9 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # PolicyManager CSP @@ -52,21 +47,28 @@ The area group that can be configured by a single technology for a single provid Supported operations are Add, Get, and Delete. -**Device/_<AreaName>_/****_<PolicyName>_** +**My/_<AreaName>_/****_<PolicyName>_** +Specifies the name/value pair used in the policy. The following list shows some tips to help you when configuring policies: + +- Separate multistring values by the Unicode &\#xF000; in the XML file. + +- End multistrings with &\#xF000; For example, One string&\#xF000;two string&\#xF000;red string&\#xF000;blue string&\#xF000;&\#xF000;. Note that a query from different caller could provide a different value as each caller could have different values for a named policy. + +- In Syncml, wrap this policy with the Atomic command so that the policy settings are treated as a single transaction. + +- Supported operations are Add, Get, Delete, and Replace. + +- Value type is string. + +For possible area and policy names, see [Supported company policies](#bkmk-supportedpolicies) below. + +**Device** +Groups the evaluated policies from all providers that can be configured. Supported operations is Get. + +**Device/****_<AreaName>_** +The area group that can be configured by a single technology independent of the providers. Supported operation is Get. + +**Device/_<AreaName>_/****_<PolicyName>_** Specifies the name/value pair used in the policy. Supported operation is Get. ## List of *<AreaName>*/*<PolicyName>* diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md index c41f755776..9ae10f0f2c 100644 --- a/windows/client-management/mdm/provisioning-csp.md +++ b/windows/client-management/mdm/provisioning-csp.md @@ -1,19 +1,14 @@ --- title: Provisioning CSP description: The Provisioning configuration service provider is used for bulk user enrollment to an MDM service. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 5D6C17BE-727A-4AFA-9F30-B34C1EA1D2AE -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Provisioning CSP diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md index ede502e7bb..65e4ceb727 100644 --- a/windows/client-management/mdm/proxy-csp.md +++ b/windows/client-management/mdm/proxy-csp.md @@ -1,19 +1,14 @@ --- title: PROXY CSP description: PROXY CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 9904d44c-4a1e-4ae7-a6c7-5dba06cb16ce -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # PROXY CSP diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md index 38628ee41b..e34d5f94f2 100644 --- a/windows/client-management/mdm/push-notification-windows-mdm.md +++ b/windows/client-management/mdm/push-notification-windows-mdm.md @@ -4,20 +4,15 @@ description: The DMClient CSP supports the ability to configure push-initiated d MS-HAID: - 'p\_phdevicemgmt.push\_notification\_support\_for\_device\_management' - 'p\_phDeviceMgmt.push\_notification\_windows\_mdm' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 9031C4FE-212A-4481-A1B0-4C3190B388AE -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Push notification support for device management The [DMClient CSP](dmclient-csp.md) supports the ability to configure push-initiated device management sessions. Using the [Windows Notification Services (WNS)](http://go.microsoft.com/fwlink/p/?linkid=528800), a management server can request a device to establish a management session with the server through a push notification. A device is configured to support push by the management server by providing the device with a PFN for an application. Once the device is configured, it registers a persistent connection with the WNS cloud (Battery Sense and Data Sense conditions permitting). diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md index a521714fc1..d3391b6066 100644 --- a/windows/client-management/mdm/pxlogical-csp.md +++ b/windows/client-management/mdm/pxlogical-csp.md @@ -1,19 +1,14 @@ --- title: PXLOGICAL configuration service provider description: PXLOGICAL configuration service provider -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: b5fc84d4-aa32-4edd-95f1-a6a9c0feb459 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # PXLOGICAL configuration service provider diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md index 76904c6cef..6180829e89 100644 --- a/windows/client-management/mdm/reboot-csp.md +++ b/windows/client-management/mdm/reboot-csp.md @@ -1,19 +1,14 @@ --- title: Reboot CSP description: Reboot CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 4E3F1225-BBAD-40F5-A1AB-FF221B6BAF48 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Reboot CSP diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md index 17456d9f50..714d7255ec 100644 --- a/windows/client-management/mdm/reboot-ddf-file.md +++ b/windows/client-management/mdm/reboot-ddf-file.md @@ -1,19 +1,14 @@ --- title: Reboot DDF file description: This topic shows the OMA DM device description framework (DDF) for the Reboot configuration service provider. DDF files are used only with OMA DM provisioning XML. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: ABBD850C-E744-462C-88E7-CA3F43D80DB1 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Reboot DDF file diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md index 32832856eb..ee5bc80e60 100644 --- a/windows/client-management/mdm/reclaim-seat-from-user.md +++ b/windows/client-management/mdm/reclaim-seat-from-user.md @@ -1,19 +1,14 @@ --- title: Reclaim seat from user description: The Reclaim seat from user operation returns reclaimed seats for a user in the Windows Store for Business. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: E2C3C899-D0AD-469A-A319-31A420472A4C -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Reclaim seat from user The **Reclaim seat from user** operation returns reclaimed seats for a user in the Windows Store for Business. diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md index bc91ed5cfe..344a2176e6 100644 --- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md +++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md @@ -1,19 +1,14 @@ --- title: Register your free Azure Active Directory subscription description: If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, you have a free subscription to Azure AD. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 97DCD303-BB11-4AFF-84FE-B7F14CDF64F7 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Register your free Azure Active Directory subscription If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, you have a free subscription to Azure AD. Here's a step-by-step guide to register your free Azure AD subscription using an Office 365 Premium Business subscription. diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md index 7140a8708a..3874d0f2d7 100644 --- a/windows/client-management/mdm/registry-csp.md +++ b/windows/client-management/mdm/registry-csp.md @@ -1,19 +1,14 @@ --- title: Registry CSP description: Registry CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 2307e3fd-7b61-4f00-94e1-a639571f2c9d -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Registry CSP diff --git a/windows/client-management/mdm/registry-ddf-file.md b/windows/client-management/mdm/registry-ddf-file.md index 99b39640a3..5ee429e5ca 100644 --- a/windows/client-management/mdm/registry-ddf-file.md +++ b/windows/client-management/mdm/registry-ddf-file.md @@ -1,19 +1,14 @@ --- title: Registry DDF file description: Registry DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 29b5cc07-f349-4567-8a77-387d816a9d15 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Registry DDF file diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md index 54a300d0a7..29447d3ed2 100644 --- a/windows/client-management/mdm/remotefind-csp.md +++ b/windows/client-management/mdm/remotefind-csp.md @@ -1,19 +1,14 @@ --- title: RemoteFind CSP description: The RemoteFind configuration service provider retrieves the location information for a particular device. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 2EB02824-65BF-4B40-A338-672D219AF5A0 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # RemoteFind CSP diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md index bcb9ed620f..c30856f87d 100644 --- a/windows/client-management/mdm/remotefind-ddf-file.md +++ b/windows/client-management/mdm/remotefind-ddf-file.md @@ -1,19 +1,14 @@ --- title: RemoteFind DDF file description: This topic shows the OMA DM device description framework (DDF) for the RemoteFind configuration service provider. DDF files are used only with OMA DM provisioning XML. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 5864CBB8-2030-459E-BCF6-9ACB69206FEA -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # RemoteFind DDF file diff --git a/windows/client-management/mdm/remotelock-csp.md b/windows/client-management/mdm/remotelock-csp.md index 5feb339a6f..1ac58b24af 100644 --- a/windows/client-management/mdm/remotelock-csp.md +++ b/windows/client-management/mdm/remotelock-csp.md @@ -1,19 +1,14 @@ --- title: RemoteLock CSP description: RemoteLock CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: c7889331-5aa3-4efe-9a7e-20d3f433659b -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # RemoteLock CSP diff --git a/windows/client-management/mdm/remotelock-ddf-file.md b/windows/client-management/mdm/remotelock-ddf-file.md index a9acecc7af..1f09e6508c 100644 --- a/windows/client-management/mdm/remotelock-ddf-file.md +++ b/windows/client-management/mdm/remotelock-ddf-file.md @@ -1,19 +1,14 @@ --- title: RemoteLock DDF file description: RemoteLock DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: A301AE26-1BF1-4328-99AB-1ABBA4960797 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # RemoteLock DDF file diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md index be716388ce..4f16070cb7 100644 --- a/windows/client-management/mdm/remotering-csp.md +++ b/windows/client-management/mdm/remotering-csp.md @@ -1,19 +1,14 @@ --- title: RemoteRing CSP description: RemoteRing CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 70015243-c07f-46cb-a0f9-4b4ad13a5609 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # RemoteRing CSP diff --git a/windows/client-management/mdm/remotering-ddf-file.md b/windows/client-management/mdm/remotering-ddf-file.md index 8594e80fdd..8d690e645e 100644 --- a/windows/client-management/mdm/remotering-ddf-file.md +++ b/windows/client-management/mdm/remotering-ddf-file.md @@ -1,19 +1,14 @@ --- title: RemoteRing DDF file description: This topic shows the OMA DM device description framework (DDF) for the RemoteRing configuration service provider. DDF files are used only with OMA DM provisioning XML. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 6815267F-212B-4370-8B72-A457E8000F7B -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # RemoteRing DDF file diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 7aaa38af33..81a742eab8 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -1,19 +1,14 @@ --- title: RemoteWipe CSP description: RemoteWipe CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 6e89bd37-7680-4940-8a67-11ed062ffb70 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # RemoteWipe CSP diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md index f4a460d19c..fa91cdb835 100644 --- a/windows/client-management/mdm/remotewipe-ddf-file.md +++ b/windows/client-management/mdm/remotewipe-ddf-file.md @@ -1,19 +1,14 @@ --- title: RemoteWipe DDF file description: RemoteWipe DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 10ec4fb7-f911-4d0c-9a8f-e96bf5faea0c -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # RemoteWipe DDF file diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md index 1bac2e87cc..83d3d3f5b5 100644 --- a/windows/client-management/mdm/reporting-csp.md +++ b/windows/client-management/mdm/reporting-csp.md @@ -1,19 +1,14 @@ --- title: Reporting CSP description: The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 148441A6-D9E1-43D8-ADEE-FB62E85A39F7 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Reporting CSP diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md index 1b638b256d..ff3de3aab3 100644 --- a/windows/client-management/mdm/reporting-ddf-file.md +++ b/windows/client-management/mdm/reporting-ddf-file.md @@ -1,19 +1,14 @@ --- title: Reporting DDF file description: This topic shows the OMA DM device description framework (DDF) for the Reporting configuration service provider. This CSP was added in Windows 10, version 1511. Support for desktop security auditing was added for the desktop in Windows 10, version 1607. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 7A5B79DB-9571-4F7C-ABED-D79CD08C1E35 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Reporting DDF file diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md index e082517265..87ad349555 100644 --- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md +++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md @@ -4,19 +4,14 @@ description: REST API reference for Windows Store for Business MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference' - 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 8C48A879-525A-471F-B0FD-506E743A7D2F -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # REST API reference for Windows Store for Business Here's the list of available operations: diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md index 7544783ff9..ae0852dd78 100644 --- a/windows/client-management/mdm/rootcacertificates-csp.md +++ b/windows/client-management/mdm/rootcacertificates-csp.md @@ -1,19 +1,14 @@ --- title: RootCATrustedCertificates CSP description: RootCATrustedCertificates CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: F2F25DEB-9DB3-40FB-BC3C-B816CE470D61 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # RootCATrustedCertificates CSP The RootCATrustedCertificates configuration service provider enables the enterprise to set the Root Certificate Authority (CA) certificates. diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md index d779f4b333..e825e38ead 100644 --- a/windows/client-management/mdm/rootcacertificates-ddf-file.md +++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md @@ -1,19 +1,14 @@ --- title: RootCATrustedCertificates DDF file description: RootCATrustedCertificates DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 06D8787B-D3E1-4D4B-8A21-8045A8F85C1C -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # RootCATrustedCertificates DDF file diff --git a/windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md b/windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md index d9c2331bd5..8ab213e4cf 100644 --- a/windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md +++ b/windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md @@ -1,19 +1,14 @@ --- title: Samples for writing a custom configuration service provider description: Samples for writing a custom configuration service provider -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: ccda4d62-7ce1-483b-912f-25d50c974270 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Samples for writing a custom configuration service provider The following example shows how to retrieve Integrated Circuit Card Identifier (ICCID) and International Mobile Subscriber Identity (IMSI) for a dual SIM phone. diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md index 4433341d0b..8f671e0d21 100644 --- a/windows/client-management/mdm/secureassessment-csp.md +++ b/windows/client-management/mdm/secureassessment-csp.md @@ -1,19 +1,14 @@ --- title: SecureAssessment CSP description: SecureAssessment CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 6808BE4B-961E-4638-BF15-FD7841D1C00A -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # SecureAssessment CSP The SecureAssessment configuration service provider is used to provide configuration information for the secure assessment browser. diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md index adf2968fcd..57601f53e0 100644 --- a/windows/client-management/mdm/secureassessment-ddf-file.md +++ b/windows/client-management/mdm/secureassessment-ddf-file.md @@ -1,19 +1,14 @@ --- title: SecureAssessment DDF file description: This topic shows the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 68D17F2A-FAEA-4608-8727-DBEC1D7BE48A -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # SecureAssessment DDF file This topic shows the OMA DM device description framework (DDF) for the **SecureAssessment** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md index 6fbed99d59..28e87b7c43 100644 --- a/windows/client-management/mdm/securitypolicy-csp.md +++ b/windows/client-management/mdm/securitypolicy-csp.md @@ -1,19 +1,14 @@ --- title: SecurityPolicy CSP description: SecurityPolicy CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 6014f8fe-f91b-49f3-a357-bdf625545bc9 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # SecurityPolicy CSP diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md index 40cab025eb..0ced05ef07 100644 --- a/windows/client-management/mdm/server-requirements-windows-mdm.md +++ b/windows/client-management/mdm/server-requirements-windows-mdm.md @@ -4,19 +4,14 @@ description: Server requirements for using OMA DM to manage Windows devices MS-HAID: - 'p\_phDeviceMgmt.server\_requirements\_for\_oma\_dm' - 'p\_phDeviceMgmt.server\_requirements\_windows\_mdm' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 5b90b631-62a6-4949-b53a-01275fd304b2 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Server requirements for using OMA DM to manage Windows devices The following list shows the general server requirements for using OMA DM to manage Windows devices: diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md index 588696715a..e8b16b4a18 100644 --- a/windows/client-management/mdm/sharedpc-csp.md +++ b/windows/client-management/mdm/sharedpc-csp.md @@ -1,19 +1,14 @@ --- title: SharedPC CSP description: SharedPC CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 31273166-1A1E-4F96-B176-CB42ECB80957 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # SharedPC CSP diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md index c14945ca34..e666ac45e9 100644 --- a/windows/client-management/mdm/sharedpc-ddf-file.md +++ b/windows/client-management/mdm/sharedpc-ddf-file.md @@ -1,19 +1,14 @@ --- title: SharedPC DDF file description: SharedPC DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 70234197-07D4-478E-97BB-F6C651C0B970 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # SharedPC DDF file diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md index 93990e7ec7..e383685013 100644 --- a/windows/client-management/mdm/storage-csp.md +++ b/windows/client-management/mdm/storage-csp.md @@ -1,19 +1,14 @@ --- title: Storage CSP description: Storage CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: b19bdb54-53ed-42ce-a5a1-269379013f57 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Storage CSP diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md index 4d3d025220..2cf0a17551 100644 --- a/windows/client-management/mdm/storage-ddf-file.md +++ b/windows/client-management/mdm/storage-ddf-file.md @@ -1,19 +1,14 @@ --- title: Storage DDF file description: Storage DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 247062A3-4DFB-4B14-A3D1-68D02C27703C -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Storage DDF file diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md index 6ee56e90a0..031e69f53b 100644 --- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md +++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md @@ -1,19 +1,14 @@ --- title: Structure of OMA DM provisioning files description: Structure of OMA DM provisioning files -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 7bd3ef57-c76c-459b-b63f-c5a333ddc2bc -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Structure of OMA DM provisioning files OMA DM commands are transmitted between the server and the client device in messages. A message can contain one or more commands. For a list of commands supported, see the table in [OMA DM protocol support](oma-dm-protocol-support.md). diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 199bcc80de..150ca95701 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -1,19 +1,14 @@ --- title: SUPL CSP description: SUPL CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: afad0120-1126-4fc5-8e7a-64b9f2a5eae1 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # SUPL CSP diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md index 0cae640e75..266c2dcaf6 100644 --- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -1,19 +1,14 @@ --- title: SUPL DDF file description: This topic shows the OMA DM device description framework (DDF) for the SUPL configuration service provider. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 514B7854-80DC-4ED9-9805-F5276BF38034 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # SUPL DDF file diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index bd873645b8..f751e53b34 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -1,19 +1,14 @@ --- title: SurfaceHub CSP description: The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 36FBBC32-AD6A-41F1-86BF-B384891AA693 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # SurfaceHub CSP The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511. diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md index da239d46ac..590539f3bb 100644 --- a/windows/client-management/mdm/surfacehub-ddf-file.md +++ b/windows/client-management/mdm/surfacehub-ddf-file.md @@ -1,19 +1,14 @@ --- title: SurfaceHub DDF file description: This topic shows the OMA DM device description framework (DDF) for the SurfaceHub configuration service provider. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: D34DA1C2-09A2-4BA3-BE99-AC483C278436 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # SurfaceHub DDF file This topic shows the OMA DM device description framework (DDF) for the SurfaceHub configuration service provider. This CSP was added in Windows 10, version 1511. diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md new file mode 100644 index 0000000000..239e679672 --- /dev/null +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -0,0 +1,55 @@ +--- +title: TPMPolicy CSP +description: TPMPolicy CSP +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nickbrower +--- + +# TPMPolicy CSP + +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (telemetry or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval. + +The TPMPolicy CSP was added in Windows 10, version 1703. + +The following diagram shows the TPMPolicy configuration service provider in tree format. + +![tpmpolicy csp](images/provisioning-csp-tpmpolicy.png) + +**./Device/Vendor/MSFT/TPMPolicy** +

    Defines the root node.

    + +**IsActiveZeroExhaust** +

    Boolean value that indicates whether network traffic from the device to public IP addresses are not allowed unless directly intended by the user (zero exhaust). Default value is false. Some examples when zero exhaust is configured:

    + +
      +
    • There should be no traffic when machine is on idle. When the user is not interacting with the system/device, no traffic is expected.
      • +
    • There should be no traffic during installation of Windows and first logon when local ID is used.
      • +
    • Launching and using a local app (Notepad, Paint, etc.) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, etc.) should not send any traffic.
      • +
    • Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic, telemetry, etc.) to Microsoft.
      • +
    + +Here is an example: + +``` syntax +                +                    101 +                    +                        +                            +                                ./Vendor/MSFT/TpmPolicy/IsActiveZeroExhaust +                            +                        +                         + bool +               text/plain +        +        true +                     +                 +``` \ No newline at end of file diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md new file mode 100644 index 0000000000..35a90ff87b --- /dev/null +++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md @@ -0,0 +1,71 @@ +--- +title: TPMPolicy DDF file +description: TPMPolicy DDF file +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nickbrower +--- + +# TPMPolicy DDF file + +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +This topic shows the OMA DM device description framework (DDF) for the **TPMPolicy** configuration service provider. The TPMPolicy CSP was added in Windows 10, version 1703. + +The XML below is the current version for this CSP. + +``` syntax + +]> + + 1.2 + + TPMPolicy + ./Vendor/MSFT + + + + + + + + + + + + + + + com.microsoft/1.0/MDM/TPMPolicy + + + + IsActiveZeroExhaust + + + + + + False + + + + + + + + + + + text/plain + + + + + +``` \ No newline at end of file diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md index 795d5e6e43..5f3d54fbb1 100644 --- a/windows/client-management/mdm/understanding-admx-backed-policies.md +++ b/windows/client-management/mdm/understanding-admx-backed-policies.md @@ -1,15 +1,13 @@ --- title: Understanding ADMX-backed policies description: Starting in Windows 10, version 1703, you can use ADMX-backed policies for Windows 10 mobile device management (MDM) across Windows 10 devices. -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Understanding ADMX-backed policies Due to increased simplicity and the ease with which devices can be targeted, enterprise businesses are finding it increasingly advantageous to move their PC management to a cloud-based device management solution. Unfortunately, current Windows PC device-management solutions lack the critical policy and app settings configuration capabilities that are supported in a traditional PC management solution. @@ -242,17 +240,13 @@ This section describes sample SyncML for the various ADMX elements like Text, Mu ### How a Group Policy policy category path and name are mapped to a MDM area and policy name -Below is the internal OS mapping of a Group Policy to a MDM area and name. This is part of a set of Windows manifests (extension **wm.xml**) that when compiled parses out the associated ADMX file, finds the specified Group Policy policy and stores that definition (metadata) in the MDM Policy CSP client store.  ADMX backed policies are organized hierarchically. Their scope can be **machine**, **user**, or have a scope of **both**. When the MDM policy is referred to through a SyncML command and the Policy CSP URI, as shown below, this metadata is referenced and determines what registry keys are set or removed. Machine-scope policies are referenced via .\Device and the user scope policies via .\User. +Below is the internal OS mapping of a Group Policy to a MDM area and name. This is part of a set of Windows manifest that when compiled parses out the associated ADMX file, finds the specified Group Policy policy and stores that definition (metadata) in the MDM Policy CSP client store.  ADMX backed policies are organized hierarchically. Their scope can be **machine**, **user**, or have a scope of **both**. When the MDM policy is referred to through a SyncML command and the Policy CSP URI, as shown below, this metadata is referenced and determines what registry keys are set or removed. Machine-scope policies are referenced via .\Device and the user scope policies via .\User. `./[Device|User]/Vendor/MSFT/Policy/Config/[config|result]//` -The **wm.xml** for each mapped area can be found in its own directory under: - -`\\SDXROOT\onecoreuap\admin\enterprisemgmt\policymanager\policydefinition\` - Note that the data payload of the SyncML needs to be encoded so that it does not conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and encoding the policy data [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) -**Snippet of wm.xml for AppVirtualization area:** +**Snippet of manifest for AppVirtualization area:** ```XML diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index 445cb20e77..8ef347d5c5 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -1,19 +1,14 @@ --- title: UnifiedWriteFilter CSP description: The UnifiedWriteFilter (UWF) configuration service provider enables the IT administrator to remotely manage the UWF to help protect physical storage media including any writable storage type. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: F4716AC6-0AA5-4A67-AECE-E0F200BA95EB -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # UnifiedWriteFilter CSP diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md index 745016235e..ae3e8f02e5 100644 --- a/windows/client-management/mdm/unifiedwritefilter-ddf.md +++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md @@ -1,19 +1,14 @@ --- title: UnifiedWriteFilter DDF File description: UnifiedWriteFilter DDF File -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 23A7316E-A298-43F7-9407-A65155C8CEA6 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # UnifiedWriteFilter DDF File diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index eda59cccf6..61923798e2 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -1,19 +1,14 @@ --- title: Update CSP description: Update CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: F1627B57-0749-47F6-A066-677FDD3D7359 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Update CSP The Update configuration service provider enables IT administrators to manage and control the rollout of new updates. diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md index b28fd98f04..a7617b44d2 100644 --- a/windows/client-management/mdm/update-ddf-file.md +++ b/windows/client-management/mdm/update-ddf-file.md @@ -1,19 +1,14 @@ --- title: Update DDF file description: Update DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: E236E468-88F3-402A-BA7A-834ED38DD388 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Update DDF file This topic shows the OMA DM device description framework (DDF) for the **Update** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md index 549574d382..8eda2844e1 100644 --- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md +++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md @@ -1,19 +1,14 @@ --- title: Using PowerShell scripting with the WMI Bridge Provider description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, as well as how to invoke methods through the WMI Bridge Provider. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 238D45AD-3FD8-46F9-B7FB-6AEE42BE4C08 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Using PowerShell scripting with the WMI Bridge Provider This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, as well as how to invoke methods through the [WMI Bridge Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx). diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md index 0fdd3b1884..7310156f21 100644 --- a/windows/client-management/mdm/vpn-csp.md +++ b/windows/client-management/mdm/vpn-csp.md @@ -1,19 +1,14 @@ --- title: VPN CSP description: VPN CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 05ca946a-1c0b-4e11-8d7e-854e14740707 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # VPN CSP diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md index 02d37b2baf..d5e1303442 100644 --- a/windows/client-management/mdm/vpn-ddf-file.md +++ b/windows/client-management/mdm/vpn-ddf-file.md @@ -1,19 +1,14 @@ --- title: VPN DDF file description: VPN DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 728FCD9C-0B8E-413B-B54A-CD72C9F2B9EE -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # VPN DDF file diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 8d41b21c95..5b48d34a09 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -1,19 +1,14 @@ --- title: VPNv2 CSP description: VPNv2 CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # VPNv2 CSP diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index ddb7288050..b91f59555f 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -1,19 +1,14 @@ --- title: VPNv2 DDF file description: This topic shows the OMA DM device description framework (DDF) for the VPNv2 configuration service provider. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 4E2F36B7-D2EE-4F48-AD1A-6BDE7E72CC94 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # VPNv2 DDF file diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index ac16dd7652..8099da7143 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -1,19 +1,14 @@ --- title: ProfileXML XSD description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 2F32E14B-F9B9-4760-AE94-E57F1D4DFDB3 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # ProfileXML XSD diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index b7349749a4..1559b6350d 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -1,19 +1,14 @@ --- title: w4 APPLICATION CSP description: w4 APPLICATION CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: ef42b82a-1f04-49e4-8a48-bd4e439fc43a -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # w4 APPLICATION CSP diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index 6c2e5c39f2..cc931c7f9a 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -1,19 +1,14 @@ --- title: w7 APPLICATION CSP description: w7 APPLICATION CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 10f8aa16-5c89-455d-adcd-d7fb45d4e768 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # w7 APPLICATION CSP diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index c44f62a2bb..d1ed9593eb 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -1,19 +1,14 @@ --- title: WiFi CSP description: WiFi CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: f927cb5f-9555-4029-838b-03fb68937f06 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # WiFi CSP diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md index 2a27fb59dc..4443fab25f 100644 --- a/windows/client-management/mdm/wifi-ddf-file.md +++ b/windows/client-management/mdm/wifi-ddf-file.md @@ -1,19 +1,14 @@ --- title: WiFi DDF file description: WiFi DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 00DE1DA7-23DE-4871-B3F0-28EB29A62D61 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # WiFi DDF file diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md index 4136333a3d..3cfa5fbda0 100644 --- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md +++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md @@ -1,15 +1,13 @@ --- title: Win32 and Desktop Bridge app policy configuration description: Starting in Windows 10, version 1703, you can import ADMX files and set those ADMX-backed policies for Win32 and Desktop Bridge apps. -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Win32 and Desktop Bridge app policy configuration ## In this section @@ -26,8 +24,27 @@ author: nibr Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies. -When the ADMX policies are imported, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys. +When the ADMX policies are imported, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations: +- Software\Policies\Microsoft\Office\ +- Software\Microsoft\Office\ +- Software\Microsoft\Windows\CurrentVersion\Explorer\ +- Software\Microsoft\Internet Explorer\ +- software\policies\microsoft\shared tools\proofing tools\ +- software\policies\microsoft\imejp\ +- software\policies\microsoft\ime\shared\ +- software\policies\microsoft\shared tools\graphics filters\ +- software\policies\microsoft\windows\currentversion\explorer\ +- software\policies\microsoft\softwareprotectionplatform\ +- software\policies\microsoft\officesoftwareprotectionplatform\ +- software\policies\microsoft\windows\windows search\preferences\ +- software\policies\microsoft\exchange\ +- software\microsoft\shared tools\proofing tools\ +- software\microsoft\shared tools\graphics filters\ +- software\microsoft\windows\windows search\preferences\ +- software\microsoft\exchange\ +- software\policies\microsoft\vba\security\ +- software\microsoft\onedrive ## Ingesting an app ADMX file diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md index 5f9770bf98..935df946c0 100644 --- a/windows/client-management/mdm/win32appinventory-csp.md +++ b/windows/client-management/mdm/win32appinventory-csp.md @@ -1,19 +1,14 @@ --- title: Win32AppInventory CSP description: Win32AppInventory CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: C0DEDD51-4EAD-4F8E-AEE2-CBE9658BCA22 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Win32AppInventory CSP diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md index 543d3e7e7a..97eafeb66c 100644 --- a/windows/client-management/mdm/win32appinventory-ddf-file.md +++ b/windows/client-management/mdm/win32appinventory-ddf-file.md @@ -1,19 +1,14 @@ --- title: Win32AppInventory DDF file description: Win32AppInventory DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: F6BCC10B-BFE4-40AB-AEEE-34679A4E15B0 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Win32AppInventory DDF file diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md index 6b984f9d20..51943be64f 100644 --- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md +++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md @@ -4,19 +4,14 @@ description: The actual management interaction between the device and server is MS-HAID: - 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management' - 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 92711D65-3022-4789-924B-602BE3187E23 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # Enterprise settings, policies, and app management The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](http://go.microsoft.com/fwlink/p/?LinkId=267526). diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index 02258e3127..bced249094 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -1,19 +1,14 @@ --- title: WindowsAdvancedThreatProtection CSP description: WindowsAdvancedThreatProtection CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 6C3054CA-9890-4C08-9DB6-FBEEB74699A8 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # WindowsAdvancedThreatProtection CSP The Windows Defender Advanced Threat Protection (WDATP) configuration service provider (CSP) allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP. diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md index ee85d764da..135648a616 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md @@ -1,19 +1,14 @@ --- title: WindowsAdvancedThreatProtection DDF file description: WindowsAdvancedThreatProtection DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 0C62A790-4351-48AF-89FD-7D46C42D13E0 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # WindowsAdvancedThreatProtection DDF file This topic shows the OMA DM device description framework (DDF) for the **WindowsAdvancedThreatProtection** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index 46074b68da..bdc1b02533 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -1,19 +1,14 @@ --- title: WindowsLicensing CSP description: WindowsLicensing CSP -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # WindowsLicensing CSP The WindowsLicensing configuration service provider is designed for licensing related management scenarios. Currently the scope is limited to edition upgrades of Windows 10 desktop and mobile devices, such as Windows 10 Pro to Windows 10 Enterprise. In addition, this CSP provides the capability to activate or change the product key of Windows 10 desktop devices. diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md index c4c5e5f558..5ac78fc98d 100644 --- a/windows/client-management/mdm/windowslicensing-ddf-file.md +++ b/windows/client-management/mdm/windowslicensing-ddf-file.md @@ -1,19 +1,14 @@ --- title: WindowsLicensing DDF file description: WindowsLicensing DDF file -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 2A24C922-A167-4CEE-8F74-08E7453800D2 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # WindowsLicensing DDF file This topic shows the OMA DM device description framework (DDF) for the **WindowsLicensing** configuration service provider. DDF files are used only with OMA DM provisioning XML. diff --git a/windows/client-management/mdm/windowssecurityauditing-csp.md b/windows/client-management/mdm/windowssecurityauditing-csp.md index bda151a494..686a058d93 100644 --- a/windows/client-management/mdm/windowssecurityauditing-csp.md +++ b/windows/client-management/mdm/windowssecurityauditing-csp.md @@ -1,19 +1,14 @@ --- title: WindowsSecurityAuditing CSP description: The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 611DF7FF-21CE-476C-AAB5-3D09C1CDF08A -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # WindowsSecurityAuditing CSP diff --git a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md index 33d5a0ad56..cd9ef72d61 100644 --- a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md +++ b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md @@ -1,19 +1,14 @@ --- title: WindowsSecurityAuditing DDF file description: This topic shows the OMA DM device description framework (DDF) for the WindowsSecurityAuditing configuration service provider. This CSP was added in Windows 10, version 1511. -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: B1F9A5FA-185B-48C6-A7F4-0F0F23B971F0 -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # WindowsSecurityAuditing DDF file diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md index 09d072f689..ade8ecd858 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md @@ -4,19 +4,14 @@ description: WMI providers supported in Windows 10 MS-HAID: - 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' - 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 +ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: nibr +author: nickbrower --- - # WMI providers supported in Windows 10 Windows Management Infrastructure (WMI) providers (and the classes they support) are used to manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service. The following subsections show the list WMI MDM classes that are supported in Windows 10. @@ -214,330 +209,7 @@ For links to these classes, see [**MDM Bridge WMI Provider**](https://msdn.micro ### Parental control WMI classes | Class | Test completed in Windows 10 for desktop | -|--- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---|--- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- -| +|--------------------------------------------------------------------------|------------------------------------------| | [**wpcappoverride**](https://msdn.microsoft.com/library/windows/hardware/ms711334) | ![cross mark](images/checkmark.png) | | [**wpcgameoverride**](https://msdn.microsoft.com/library/windows/hardware/ms711334) | ![cross mark](images/checkmark.png) | | [**wpcgamessettings**](https://msdn.microsoft.com/library/windows/hardware/ms711334) | ![cross mark](images/checkmark.png) | @@ -554,330 +226,7 @@ author: nibr ### Win32 WMI classes | Class | Test completed in Windows 10 for desktop | -|--- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---|--- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- ---- -title: WMI providers supported in Windows 10 -description: WMI providers supported in Windows 10 -MS-HAID: -- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' -- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: exists -ms.date: 05/02/2017 -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nibr ---- -| +|--------------------------------------------------------------------------|------------------------------------------| [**Win32\_1394Controller**](https://msdn.microsoft.com/library/windows/hardware/aa394059) | [**Win32\_BaseBoard**](https://msdn.microsoft.com/library/windows/hardware/aa394072) | [**Win32\_Battery**](https://msdn.microsoft.com/library/windows/hardware/aa394074) | ![cross mark](images/checkmark.png) diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index adf99d68fe..8a06655003 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md @@ -122,6 +122,9 @@ When you have the Start layout that you want your users to see, use the [Export- +>[!IMPORTANT] +>If the Start layout that you export contains tiles for desktop (Win32) apps or .url links, **Export-StartLayout** will use **DesktopApplicationLinkPath** in the resulting file. Use a text or XML editor to change **DesktopApplicationLinkPath** to **DesktopApplicationID**. See [Specify Start tiles](start-layout-xml-desktop.md#specify-start-tiles) for details on using the app ID in place of the link path. + ## Configure a partial Start layout diff --git a/windows/configuration/mobile-devices/mobile-lockdown-designer.md b/windows/configuration/mobile-devices/mobile-lockdown-designer.md index 33a512ae37..4c7a24ae08 100644 --- a/windows/configuration/mobile-devices/mobile-lockdown-designer.md +++ b/windows/configuration/mobile-devices/mobile-lockdown-designer.md @@ -15,7 +15,7 @@ author: jdeckerms Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. For example, the enterprise can lock down a device so that only applications and settings in an allow list are available. This is accomplished using Lockdown XML, an XML file that contains settings for Windows 10 Mobile. -When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. +When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. You can deploy the lockdown XML file by [adding it to a provisioning package](lockdown-xml.md#add-lockdown-xml-to-a-provisioning-package) or [by using mobile device management (MDM)](lockdown-xml.md#push-lockdown-xml-using-mdm). The Lockdown Designer app helps you configure and create a lockdown XML file that you can apply to devices running Windows 10 Mobile, version 1703, and includes a remote simulation to help you determine the layout for tiles on the Start screen. Lockdown Designer also validates the XML. Using Lockdown Designer is easier than [manually creating a lockdown XML file](lockdown-xml.md). diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md index c103eb3576..40ccf85845 100644 --- a/windows/configuration/start-layout-xml-desktop.md +++ b/windows/configuration/start-layout-xml-desktop.md @@ -160,35 +160,40 @@ You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop ap - By using a path to a shortcut link (.lnk file) to a Windows desktop application. - To pin a Windows desktop application through this method, you must first add the .lnk file in the specified location when the device first boots. + >[!NOTE] + >In Start layouts for Windows 10, version 1703, you should use **DesktopApplicationID** rather than **DesktopApplicationLinkPath** if you are using Group Policy or MDM to apply the start layout and the application was installed after the user's first sign-in. - The following example shows how to pin the Command Prompt: + To pin a Windows desktop application through this method, you must first add the .lnk file in the specified location when the device first boots. - ```XML - - ``` + ``` - You must set the **DesktopApplicationLinkPath** attribute to the .lnk file that points to the Windows desktop application. The path also supports environment variables. + You must set the **DesktopApplicationLinkPath** attribute to the .lnk file that points to the Windows desktop application. The path also supports environment variables. - If you are pointing to a third-party Windows desktop application, you must put the .lnk file in a legacy Start Menu directory before first boot; for example, "%APPDATA%\Microsoft\Windows\Start Menu\Programs\" or the all users profile "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\". + If you are pointing to a third-party Windows desktop application and the layout is being applied before the first boot, you must put the .lnk file in a legacy Start Menu directory before first boot; for example, "%APPDATA%\Microsoft\Windows\Start Menu\Programs\" or the all users profile "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\". - By using the application's application user model ID, if this is known. If the Windows desktop application doesn't have one, use the shortcut link option. - To pin a Windows desktop application through this method, you must set the **DesktopApplicationID** attribute to the application user model ID that's associated with the corresponding app. + You can use the [Get-StartApps cmdlet](https://technet.microsoft.com/library/dn283402.aspx) on a PC that has the application pinned to Start to obtain the app ID. - The following example shows how to pin the Internet Explorer Windows desktop application: + To pin a Windows desktop application through this method, you must set the **DesktopApplicationID** attribute to the application user model ID that's associated with the corresponding app. - ```XML + The following example shows how to pin the Internet Explorer Windows desktop application: + + ```XML - ``` + ``` You can also use the **start:DesktopApplicationTile** tag as one of the methods for pinning a Web link to Start. The other method is to use a Microsoft Edge secondary tile. @@ -205,6 +210,9 @@ The following example shows how to create a tile of the Web site's URL, which yo Column="2"/> ``` +>[!NOTE] +>In Windows 10, version 1703, **Export-StartLayout** will use **DesktopApplicationLinkPath** for the .url shortcut. You must change **DesktopApplicationLinkPath** to **DesktopApplicationID** and provide the URL. + #### start:SecondaryTile You can use the **start:SecondaryTile** tag to pin a Web link through a Microsoft Edge secondary tile. This method doesn't require any additional action compared to the method of using legacy .url shortcuts (through the start:DesktopApplicationTile tag). @@ -273,6 +281,9 @@ The following example shows how to modify your LayoutModification.xml file to ad You can use the **AppendOfficeSuite** tag to add the in-box installed Office suite of apps to Start. +>[!NOTE] +>The OEM must have installed Office for this tag to work. + The following example shows how to add the **AppendOfficeSuite** tag to your LayoutModification.xml file to append the full Universal Office suite to Start: ```XML @@ -289,6 +300,9 @@ The following example shows how to add the **AppendOfficeSuite** tag to your Lay You can use the **AppendDownloadOfficeTile** tag to append the Office trial installer to Start. This tag adds the Download Office tile to Start and the download tile will appear at the bottom right-hand side of the second group. +>[!NOTE] +>The OEM must have installed the Office trial installer for this tag to work. + The following example shows how to add the **AppendDownloadOfficeTile** tag to your LayoutModification.xml file: ```XML diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md index d8b003ff30..5fc6d0a993 100644 --- a/windows/configuration/windows-10-start-layout-options-and-policies.md +++ b/windows/configuration/windows-10-start-layout-options-and-policies.md @@ -64,7 +64,7 @@ There are three categories of apps that might be pinned to a taskbar: * Apps pinned by the enterprise, such as in an unattended Windows setup >[!NOTE] - >The earlier method of using [TaskbarLinks](https://go.microsoft.com/fwlink/p/?LinkId=761230) in an unattended Windows setup file is deprecated in Windows 10, version 1607. + >We recommend using [the layoutmodification.xml method](configure-windows-10-taskbar.md) to configure taskbar options, rather than the earlier method of using [TaskbarLinks](https://go.microsoft.com/fwlink/p/?LinkId=761230) in an unattended Windows setup file. The following example shows how apps will be pinned - Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using XML to the right (green square). diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index b01537fa06..87134c472f 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -73,16 +73,23 @@ MBR2GPT: Validation completed successfully In the following example: -1. The current disk partition layout is displayed prior to conversion - three partitions are present on the MBR disk (disk 0): a system reserved partition, a Windows partition, and a recovery partition. A DVD-ROM is also present as volume 0. +1. Using DiskPart, the current disk partition layout is displayed prior to conversion - three partitions are present on the MBR disk (disk 0): a system reserved partition, a Windows partition, and a recovery partition. A DVD-ROM is also present as volume 0. 2. The OS volume is selected, partitions are listed, and partition details are displayed for the OS partition. The [MBR partition type](https://msdn.microsoft.com/library/windows/desktop/aa363990.aspx) is **07** corresponding to the installable file system (IFS) type. 2. The MBR2GPT tool is used to convert disk 0. -3. The DISKPART tool displays that disk 0 is now using the GPT format. +3. The DiskPart tool displays that disk 0 is now using the GPT format. 4. The new disk layout is displayed - four partitions are present on the GPT disk: three are identical to the previous partitions and one is the new EFI system partition (volume 3). 5. The OS volume is selected again, and detail displays that it has been converted to the [GPT partition type](https://msdn.microsoft.com/library/windows/desktop/aa365449.aspx) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type. >As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition will boot properly. ``` +X:\>DiskPart + +Microsoft DiskPart version 10.0.15048.0 + +Copyright (C) Microsoft Corporation. +On computer: MININT-K71F13N + DISKPART> list volume Volume ### Ltr Label Fs Type Size Status Info @@ -140,7 +147,7 @@ MBR2GPT: Fixing drive letter mapping MBR2GPT: Conversion completed successfully MBR2GPT: Before the new system can boot properly you need to switch the firmware to boot to UEFI mode! -X:\>diskpart +X:\>DiskPart Microsoft DiskPart version 10.0.15048.0 @@ -364,9 +371,16 @@ You can also view the partition type of a disk by opening the Disk Management to ![Volumes](images/mbr2gpt-volume.PNG) -If Windows PowerShell and Disk Management are not available, such as when you are using Windows PE, you can determine the partition type at a command prompt with the diskpart tool. To determine the partition style, type **diskpart** and then type **list disk**. See the following example: +If Windows PowerShell and Disk Management are not available, such as when you are using Windows PE, you can determine the partition type at a command prompt with the DiskPart tool. To determine the partition style from a command line, type **diskpart** and then type **list disk**. See the following example: ``` +X:\>DiskPart + +Microsoft DiskPart version 10.0.15048.0 + +Copyright (C) Microsoft Corporation. +On computer: MININT-K71F13N + DISKPART> list disk Disk ### Status Size Free Dyn Gpt diff --git a/windows/deployment/update/images/uc-01-wdav.png b/windows/deployment/update/images/uc-01-wdav.png new file mode 100644 index 0000000000..c0ef37ebc6 Binary files /dev/null and b/windows/deployment/update/images/uc-01-wdav.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-assessment.png b/windows/deployment/update/images/update-compliance-wdav-assessment.png new file mode 100644 index 0000000000..266c5b7210 Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-assessment.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-overview.png b/windows/deployment/update/images/update-compliance-wdav-overview.png new file mode 100644 index 0000000000..977478fb74 Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-overview.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-prot-status.png b/windows/deployment/update/images/update-compliance-wdav-prot-status.png new file mode 100644 index 0000000000..2c6c355ca4 Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-prot-status.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-query-not-assessed.png b/windows/deployment/update/images/update-compliance-wdav-query-not-assessed.png new file mode 100644 index 0000000000..733bfb6ae7 Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-query-not-assessed.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-status-add-filter.png b/windows/deployment/update/images/update-compliance-wdav-status-add-filter.png new file mode 100644 index 0000000000..d914960a7a Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-status-add-filter.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-status-filter-apply.png b/windows/deployment/update/images/update-compliance-wdav-status-filter-apply.png new file mode 100644 index 0000000000..7d8021b02e Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-status-filter-apply.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-status-filter.png b/windows/deployment/update/images/update-compliance-wdav-status-filter.png new file mode 100644 index 0000000000..cd500c2cb3 Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-status-filter.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-status-log.png b/windows/deployment/update/images/update-compliance-wdav-status-log.png new file mode 100644 index 0000000000..30e2e2352f Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-status-log.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-status-query.png b/windows/deployment/update/images/update-compliance-wdav-status-query.png new file mode 100644 index 0000000000..c7d1a436fe Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-status-query.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-threat-status.png b/windows/deployment/update/images/update-compliance-wdav-threat-status.png new file mode 100644 index 0000000000..ada9c09bbf Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-threat-status.png differ diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index f6c1878943..822dbf7bd1 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -1,6 +1,7 @@ --- title: Get started with Update Compliance (Windows 10) -description: Explains how to configure Update Compliance. +description: Configure Update Compliance in OMS to see the status of updates and antimalware protection on devices in your network. +keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -14,88 +15,90 @@ This topic explains the steps necessary to configure your environment for Window Steps are provided in sections that follow the recommended setup process: 1. Ensure that [prerequisites](#update-compliance-prerequisites) are met. -2. [Add Update Compliance](#add-update-compliance-to-microsoft-operations-management-suite) to Microsoft Operations Management Suite -3. [Deploy your Commercial ID](#deploy-your-commercial-id-to-your-windows-10-devices) to your organization’s devices +2. [Add Update Compliance](#add-update-compliance-to-microsoft-operations-management-suite) to Microsoft Operations Management Suite. +3. [Deploy your Commercial ID](#deploy-your-commercial-id-to-your-windows-10-devices) to your organization’s devices. -## Update Compliance Prerequisites +## Update Compliance prerequisites Update Compliance has the following requirements: 1. Update Compliance is currently only compatible with Windows 10 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops). 2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization). -3. The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for different aspects of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint: +3. The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint: + +Service | Endpoint +--- | --- +Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com +Windows Error Reporting | watson.telemetry.microsoft.com +Online Crash Analysis | oca.telemetry.microsoft.com + + + 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. - -
    ServiceEndpoint -
    Connected User Experience and Telemetry componentv10.vortex-win.data.microsoft.com -
    settings-win.data.microsoft.com -
    Windows Error Reporting watson.telemetry.microsoft.com -
    Online Crash Analysis oca.telemetry.microsoft.com -
    ## Add Update Compliance to Microsoft Operations Management Suite -Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). +Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). If you are already using OMS, you’ll find Update Compliance in the Solutions Gallery. Select the **Update Compliance** tile in the gallery and then click **Add** on the solution's details page. Update Compliance is now visible in your workspace. If you are not yet using OMS, use the following steps to subscribe to OMS Update Compliance: -1. Go to [Operations Management Suite’s page](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**. +1. Go to [Operations Management Suite](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**. + + + [![](images/uc-02a.png)](images/uc-02.png) -

    - - 2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. -

    - - + + [![](images/uc-03a.png)](images/uc-03.png) + 3. Create a new OMS workspace. -

    - - + [![](images/uc-04a.png)](images/uc-04.png) + 4. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Click **Create**. -

    - - + + [![](images/uc-05a.png)](images/uc-05.png) + 5. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. If you do not yet have an Azure subscription, follow [this guide](https://blogs.technet.microsoft.com/upgradeanalytics/2016/11/08/linking-operations-management-suite-workspaces-to-microsoft-azure/) to create and link an Azure subscription to an OMS workspace. -

    - - + + [![](images/uc-06a.png)](images/uc-06.png) + 6. To add the Update Compliance solution to your workspace, go to the Solutions Gallery. -

    - - -7. Select the **Update Compliance** tile in the gallery and then select **Add** on the solution’s details page. You might need to scroll to find **Update Compliance**. The solution is now visible on your workspace. + [![](images/uc-07a.png)](images/uc-07.png) + + +7. Select the **Update Compliance** tile in the gallery and then select **Add** on the solution’s details page. You might need to scroll to find **Update Compliance**. The solution is now visible in your workspace. + + + [![](images/uc-08a.png)](images/uc-08.png) -

    - - 8. Click the **Update Compliance** tile to configure the solution. The **Settings Dashboard** opens. -

    - - + + [![](images/uc-09a.png)](images/uc-09.png) + 9. Click **Subscribe** to subscribe to OMS Update Compliance. You will then need to distribute your Commercial ID across all your organization’s devices. More information on the Commercial ID is provided below. -

    - - + + [![](images/uc-10a.png)](images/uc-10.png) + After you are subscribed to OMS Update Compliance and your devices have a Commercial ID, you will begin receiving data. It will typically take 24 hours for the first data to begin appearing. The following section explains how to deploy your Commercial ID to your Windows 10 devices. +>[!NOTE] >You can unsubscribe from the Update Compliance solution if you no longer want to monitor your organization’s devices. User device data will continue to be shared with Microsoft while the opt-in keys are set on user devices and the proxy allows traffic. ## Deploy your Commercial ID to your Windows 10 devices diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 9ee49a1e9d..1be2149594 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -1,6 +1,7 @@ --- -title: Monitor Windows Updates with Update Compliance (Windows 10) -description: Introduction to Update Compliance. +title: Monitor Windows Updates and Windows Defender AV with Update Compliance (Windows 10) +description: You can use Update Compliance in OMS to monitor the progress of updates and key antimalware protection features on devices in your network. +keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -8,26 +9,26 @@ ms.pagetype: deploy author: greg-lindsay --- -# Monitor Windows Updates with Update Compliance +# Monitor Windows Updates and Windows Defender Antivirus with Update Compliance ## Introduction -With Windows 10, organizations need to change the way they approach monitoring and deploying updates. Update Compliance is a powerful set of tools that enable organizations to monitor and track all important aspects of Microsoft’s new servicing strategy: [Windows as a Service](waas-overview.md). +With Windows 10, organizations need to change the way they approach monitoring and deploying updates. Update Compliance is a powerful set of tools that enable organizations to monitor and track all important aspects of the new servicing strategy from Microsoft: [Windows as a Service](waas-overview.md). Update Compliance is a solution built within Operations Management Suite (OMS), a cloud-based monitoring and automation service which has a flexible servicing subscription based off data usage/retention. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). -Update Compliance uses the Windows telemetry that is part of all Windows 10 devices. It collects system data including update installation progress, Windows Update for Business (WUfB) configuration data, and other update-specific information, and then sends this data privately to a secure cloud to be stored for analysis and usage within the solution. +Update Compliance uses the Windows telemetry that is part of all Windows 10 devices. It collects system data including update installation progress, Windows Update for Business (WUfB) configuration data, Windows Defender Antivirus data, and other update-specific information, and then sends this data privately to a secure cloud to be stored for analysis and usage within the solution. Update Compliance provides the following: -- An overview of your organization’s devices that just works. -- Dedicated drill-downs for devices that might need attention. -- An inventory of devices, including the version of Windows they are running and their update status. -- An overview of WUfB deferral configurations (Windows 10 Anniversary Update [1607] and later). -- Powerful built-in [log analytics](https://www.microsoft.com/en-us/cloud-platform/insight-and-analytics?WT.srch=1&WT.mc_id=AID529558_SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=log%20analytics&utm_campaign=Hybrid_Cloud_Management) to create useful custom queries. -- Cloud-connected access utilizing Windows 10 telemetry means no need for new complex, customized infrastructure. +- Dedicated drill-downs for devices that might need attention +- An inventory of devices, including the version of Windows they are running and their update status +- The ability to track protection and threat status for Windows Defender Antivirus-enabled devices +- An overview of WUfB deferral configurations (Windows 10 Anniversary Update [1607] and later) +- Powerful built-in [log analytics](https://www.microsoft.com/en-us/cloud-platform/insight-and-analytics?WT.srch=1&WT.mc_id=AID529558_SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=log%20analytics&utm_campaign=Hybrid_Cloud_Management) to create useful custom queries +- Cloud-connected access utilizing Windows 10 telemetry means no need for new complex, customized infrastructure -See the following topics in this guide for detailed information about configuring and use the Update Compliance solution: +See the following topics in this guide for detailed information about configuring and using the Update Compliance solution: - [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment. - [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance. @@ -36,19 +37,20 @@ An overview of the processes used by the Update Compliance solution is provided ## Update Compliance architecture -The Update Compliance architecture and data flow is summarized by the following five step process: +The Update Compliance architecture and data flow is summarized by the following five-step process: **(1)** User computers send telemetry data to a secure Microsoft data center using the Microsoft Data Management Service.
    **(2)** Telemetry data is analyzed by the Update Compliance Data Service.
    **(3)** Telemetry data is pushed from the Update Compliance Data Service to your OMS workspace.
    **(4)** Telemetry data is available in the Update Compliance solution.
    -**(5)** You are able to monitor and troubleshoot Windows updates on your network.
    +**(5)** You are able to monitor and troubleshoot Windows updates and Windows Defender AV in your environment.
    These steps are illustrated in following diagram: -![Update Compliance architecture](images/uc-01.png) +![Update Compliance architecture](images/uc-01-wdav.png) ->This process assumes that Windows telemetry is enabled and devices are assigned your Commercial ID. +>[!NOTE] +>This process assumes that Windows telemetry is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started#deploy-your-commercial-id-to-your-windows-10-devices. diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index 39d8b0e012..9daa1a5103 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -19,6 +19,7 @@ Update Compliance: - Provides a workflow that can be used to quickly identify which devices require attention. - Enables you to track deployment compliance targets for updates. +>[!NOTE] >Information is refreshed daily so that update progress can be monitored. Changes will be displayed about 24 hours after their occurrence, so you always have a recent snapshot of your devices. In OMS, the aspects of a solution's dashboard are usually divided into blades. Blades are a slice of information, typically with a summarization tile and an enumeration of the items that makes up that data. All data is presented through queries. Perspectives are also possible, wherein a given query has a unique view designed to display custom data. The terminology of blades, tiles, and perspectives will be used in the sections that follow. @@ -31,7 +32,8 @@ Update Compliance has the following primary blades: 3. [Latest and Previous Security Update Status](#latest-and-previous-security-update-status) 4. [Overall Feature Update Status](#overall-feature-update-status) 5. [CB, CBB, LTSB Deployment Status](#cb-cbb-ltsb-deployment-status) -6. [List of Queries](#list-of-queries) +6. [Windows Defender Antivirus Assessment](#wdav-assessment) +7. [List of Queries](#list-of-queries) ## OS Update Overview @@ -41,6 +43,7 @@ The first blade of OMS Update Compliance is the General **OS Update Overview** b ![OS Update Overview](images/uc-11.png) + This blade is divided into three sections: - Device Summary: - Needs Attention Summary @@ -139,6 +142,133 @@ The Overall Feature Update Status blade focuses around whether or not your devic Devices are evaluated by OS Version (e.g., 1607) and the count of how many are Current, Not Current, and have Update Failures is displayed. Clicking on any of these counts will allow you to view all those devices, as well as select the **Update Deployment Status** perspective, described below.  + +## Windows Defender Antivirus Assessment + +You'll notice some new tiles in the Overview blade which provide a summary of Windows Defender AV-related issues, highlighted in the following screenshot. + +![verview blade showing a summary of key Windows Defender Antivirus issues](images/update-compliance-wdav-overview.png) + +The **AV Signature** chart shows the number of devices that either have up-to-date [protection updates (also known as signatures or definitions)](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus), while the **Windows Defender AV Status** tile indicates the percentage of all assessed devices that are not updated and do not have real-time protection enabled. The Windows Defender Antivirus Assessment section provides more information that lets you investigate potential issues. + +If you're using [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) to protect devices in your organization and have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus), you can use this section to review the overall status of key protection features, including the number of devices that have [always-on real-time protection](/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) and up-to-date definitions. + +There are two blades in the Windows Defender AV Assessment section: + +- Protection status +- Threats status + +![Windows Defender Antivirus Assessment blade in Update Compliance](images/update-compliance-wdav-assessment.png) + +The **Protection Status** blade shows three key measurements: + +1. How many devices have old or current signatures (also known as protection updates or definitions) +2. How many devices have the core Windows Defender AV always-on scanning feature enabled, called real-time protection + + +![Windows Defender Antivirus protection status in Update Compliance](images/update-compliance-wdav-prot-status.png) + +See the [Manage Windows Defender AV updates and apply baselines](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus) topic for an overview on how updates work, and further information on applying updates. + +The **Threats Status** blade shows the following measurements: + +1. How many devices that have threats that have been remediated (removed or quarantined on the device) +2. How many devices that have threats where remediation was not successful (this may indicate a manual reboot or clean is required) + + +![Windows Defender Antivirus threat status in Update Compliance](images/update-compliance-wdav-threat-status.png) + +Devices can be in multiple states at once, as one device may have multiple threats, some of which may or may not be remediated. + +> [!IMPORTANT] +> The data reported in Update Compliance can be delayed by up to 24 hours. + +See the [Customize, initiate, and review the results of Windows Defender AV scans and remediation](/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus) topic for more information on how to perform scans and other manual remediation tasks. + +As with other blades in Update Compliance, clicking on a specific measurement or item will open the associated query that you can use to investigate individual devices and issues, as described below. + + +### Investigate individual devices and threats + + +Click on any of the status measurements to be taken to a pre-built log query that shows the impacted devices for that status. + +![Sample Windows Defender AV query in Update Compliance](images/update-compliance-wdav-status-log.png) + +You can also find a pre-built query on the main Update Compliance screen, under the **Queries** blade, that lists devices that have not been assessed for Windows Defender AV. + +![Overview blade showing a summary of key Windows Defender Antivirus issues](images/update-compliance-wdav-query-not-assessed.png) + + + + + + + + +You can further filter queries by clicking any of the measurement labels for each incident, changing the values in the query filter pane, and then clicking **Apply**. + +![Click the Apply button on the left pane](images/update-compliance-wdav-status-filter-apply.png) + + + +Click **+Add** at the bottom of the filter pane to open a list of filters you can apply. + +![Click Add to add more filters](images/update-compliance-wdav-status-add-filter.png) + + +You can also click the **. . .** button next to each label to instantly filter by that label or value. + +![Click the elipsis icon to instantly filter by the selected label](images/update-compliance-wdav-status-filter.png) + +You can create your own queries by using a query string in the following format: + +``` +Type:
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Portal labelSIEM field nameArcSight fieldExample valueDescription
    1AlertTitlenameA dll was unexpectedly loaded into a high integrity process without a UAC promptValue available for every alert.
    2SeveritydeviceSeverityMediumValue available for every alert.
    3CategorydeviceEventCategoryPrivilege EscalationValue available for every alert.
    4SourcesourceServiceNameWindowsDefenderATPWindows Defender Antivirus or Windows Defender ATP. Value available for every alert.
    5MachineNamesourceHostNameliz-beanValue available for every alert.
    6FileNamefileNameRobocopy.exeAvailable for alerts associated with a file or process.
    7FilePathfilePathC:\Windows\System32\Robocopy.exeAvailable for alerts associated with a file or process. \
    8UserDomainsourceNtDomaincontosoThe domain of the user context running the activity, available for Windows Defender ATP behavioral based alerts.
    9UserNamesourceUserNameliz-beanThe user context running the activity, available for Windows Defender ATP behavioral based alerts.
    10Sha1fileHash5b4b3985339529be3151d331395f667e1d5b7f35Available for alerts associated with a file or process.
    11Md5deviceCustomString555394b85cb5edddff551f6f3faa9d8ebAvailable for Windows Defender AV alerts.
    12Sha256deviceCustomString69987474deb9f457ece2a9533a08ec173a0986fa3aa6ac355eeba5b622e4a43f5Available for Windows Defender AV alerts.
    13ThreatNameeviceCustomString1Trojan:Win32/Skeeyah.A!bitAvailable for Windows Defender AV alerts.
    14IpAddresssourceAddress218.90.204.141Available for alerts associated to network events. For example, 'Communication to a malicious network destination'.
    15UrlrequestUrldown.esales360.cnAvailabe for alerts associated to network events. For example, 'Communication to a malicious network destination'.
    16RemediationIsSuccessdeviceCustomNumber2TRUEAvailable for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE.
    17WasExecutingWhileDetecteddeviceCustomNumber1FALSEAvailable for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE.
    18AlertIdexternalId636210704265059241_673569822Value available for every alert.
    19LinkToWDATPflexString1`https://securitycenter.windows.com/alert/636210704265059241_673569822`Value available for every alert.
    20AlertTimedeviceReceiptTime2017-05-07T01:56:59.3191352ZThe time the activity relevant to the alert occurred. Value available for every alert.
    21MachineDomainsourceDnsDomaincontoso.comDomain name not relevant for AAD joined machines. Value available for every alert.
    22ActordeviceCustomString4Available for alerts related to a known actor group.
    21+5ComputerDnsNameNo mappingliz-bean.contoso.comThe machine fully qualified domain name. Value available for every alert.
    LogOnUserssourceUserIdcontoso\liz-bean; contoso\jay-hardeeThe domain and user of the interactive logon user/s at the time of the event. Note: For machines on Windows 10 version 1607, the domain information will not be available.
    Internal fieldLastProcessedTimeUtcNo mapping2017-05-07T01:56:58.9936648ZTime when event arrived at the backend. This field can be used when setting the request parameter for the range of time that alerts are retrieved.
    Not part of the schemadeviceVendorStatic value in the ArcSight mapping - 'Microsoft'.
    Not part of the schemadeviceProductStatic value in the ArcSight mapping - 'Windows Defender ATP'.
    Not part of the schemadeviceVersionStatic value in the ArcSight mapping - '2.0', used to identify the mapping versions.
    ->[!NOTE] -> Fields #21-29 are related to Windows Defender Antivirus alerts. -![Image of actor profile with numbers](images/atp-actor.png) +![Image of alert with numbers](images/atp-alert-page.png) -![Image of alert timeline with numbers](images/atp-alert-timeline-numbered.png) +![Image of alert details pane with numbers](images/atp-siem-mapping13.png) -![Image of new alerts with numbers](images/atp-alert-source.png) +![Image of alert timeline with numbers](images/atp-siem-mapping3.png) -![Image of machine timeline with numbers](images/atp-remediated-alert.png) +![Image of alert timeline with numbers](images/atp-siem-mapping4.png) -![Image of file details](images/atp-file-details.png) +![Image machine view](images/atp-mapping6.png) + +![Image browser URL](images/atp-mapping5.png) + +![Image actor alert](images/atp-mapping7.png) ## Related topics diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index cb875edc71..1976fb8703 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md @@ -24,14 +24,14 @@ localizationpriority: high ## Configure endpoints using System Center Configuration Manager (current branch) version 1606 -System Center Configuration Manager (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682). +System Center Configuration Manager (SCCM) (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682). >[!NOTE] > If you’re using SCCM client version 1606 with server version 1610 or above, you must upgrade the client version to match the server version. ## Configure endpoints using System Center Configuration Manager earlier versions -You can use System Center Configuration Manager’s existing functionality to create a policy to configure your endpoints. This is supported in the following System Center Configuration Manager versions: +You can use existing System Center Configuration Manager functionality to create a policy to configure your endpoints. This is supported in the following System Center Configuration Manager versions: - System Center 2012 Configuration Manager - System Center 2012 R2 Configuration Manager diff --git a/windows/threat-protection/windows-defender-atp/images/1.png b/windows/threat-protection/windows-defender-atp/images/1.png new file mode 100644 index 0000000000..70ce314c00 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/1.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actor-alert.png b/windows/threat-protection/windows-defender-atp/images/atp-actor-alert.png new file mode 100644 index 0000000000..a23b78fd2f Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actor-alert.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-details.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-details.png new file mode 100644 index 0000000000..238b7e880b Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-alert-details.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-mgt-pane.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-mgt-pane.png new file mode 100644 index 0000000000..33cb7862f6 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-alert-mgt-pane.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-page.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-page.png new file mode 100644 index 0000000000..2f834e986c Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-alert-page.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-process-tree.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-process-tree.png index 06daaa6ea7..4dfdc73f8c 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alert-process-tree.png and b/windows/threat-protection/windows-defender-atp/images/atp-alert-process-tree.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png index 467c7a321e..f162f21b1b 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png and b/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG b/windows/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG new file mode 100644 index 0000000000..af1915fb0b Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-detailed-actor.png b/windows/threat-protection/windows-defender-atp/images/atp-detailed-actor.png new file mode 100644 index 0000000000..3df0eccc18 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-detailed-actor.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-incident-graph.png b/windows/threat-protection/windows-defender-atp/images/atp-incident-graph.png index 2968bc4cbb..1dd7f28817 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-incident-graph.png and b/windows/threat-protection/windows-defender-atp/images/atp-incident-graph.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-details-view.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-details-view.png index e91eb539fa..3d9b39c0f9 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-details-view.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-details-view.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png index fbb2de4176..c9063c8fa9 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png index a1e3309e81..da80abb64f 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machines-timeline.png b/windows/threat-protection/windows-defender-atp/images/atp-machines-timeline.png index b58b0f29b0..eccd6e9aec 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machines-timeline.png and b/windows/threat-protection/windows-defender-atp/images/atp-machines-timeline.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping 3.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping 3.png new file mode 100644 index 0000000000..e2a484f610 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-mapping 3.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping1.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping1.png new file mode 100644 index 0000000000..b34e915132 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-mapping1.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping2.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping2.png new file mode 100644 index 0000000000..7a735cb861 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-mapping2.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping3.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping3.png new file mode 100644 index 0000000000..7033649791 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-mapping3.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping4.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping4.png new file mode 100644 index 0000000000..baeae0dd38 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-mapping4.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping5.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping5.png new file mode 100644 index 0000000000..405fbaf384 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-mapping5.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping6.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping6.png new file mode 100644 index 0000000000..2681a11815 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-mapping6.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png new file mode 100644 index 0000000000..e46a8edac4 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping1.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping1.png new file mode 100644 index 0000000000..c59c3c04c0 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping1.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping13.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping13.png new file mode 100644 index 0000000000..7aa79c89b8 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping13.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping2.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping2.png new file mode 100644 index 0000000000..b1521c7567 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping2.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png new file mode 100644 index 0000000000..8dcfa06ea0 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping4.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping4.png new file mode 100644 index 0000000000..ebc702179f Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping4.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png b/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png index 200437ab22..1d852999b9 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png and b/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png differ diff --git a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md index e456a18096..c621085545 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -1,6 +1,6 @@ --- title: Investigate Windows Defender Advanced Threat Protection alerts -description: Use the investigation options to get details on which alerts are affecting your network, what they mean, and how to resolve them. +description: Use the investigation options to get details on alerts are affecting your network, what they mean, and how to resolve them. keywords: investigate, investigation, machines, machine, endpoints, endpoint, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -15,30 +15,35 @@ localizationpriority: high **Applies to:** -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -You can click an alert in any of the [alert queues](alerts-queue-windows-defender-advanced-threat-protection.md) to begin an investigation. Selecting an alert brings up the **Alert management pane**, while clicking an alert brings you the alert details view where general information about the alert, some recommended actions, an alert process tree, an incident graph, and an alert timeline is shown. +Investigate alerts that are affecting your network, what they mean, and how to resolve them. Use the alert details view to see various tiles that provide information about alerts. You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them. + +![Image of the alert page](images/atp-alert-details.png) + + +The alert context tile shows the where, who, and when context of the alert. As with other pages, you can click on the icon beside the name or user account to bring up the machine or user details pane. The alert details view also has a status tile that shows the status of the alert in the queue. You'll also see a description and a set of recommended actions which you can expand. + +For more information about managing alerts, see [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md). + +The alert details page also shows the alert process tree, an incident graph, and an alert timeline. You can click on the machine link from the alert view to navigate to the machine. The alert will be highlighted automatically, and the timeline will display the appearance of the alert and its evidence in the **Machine timeline**. If the alert appeared more than once on the machine, the latest occurrence will be displayed in the **Machine timeline**. Alerts attributed to an adversary or actor display a colored tile with the actor's name. -![A detailed view of an alert when clicked](images/alert-details.png) +![A detailed view of an alert when clicked](images/atp-actor-alert.png) Click on the actor's name to see the threat intelligence profile of the actor, including a brief overview of the actor, their interests or targets, their tools, tactics, and processes (TTPs) and areas where they've been observed worldwide. You will also see a set of recommended actions to take. Some actor profiles include a link to download a more comprehensive threat intelligence report. -![Image of detailed actor profile](images/atp-actor-report.png) +![Image of detailed actor profile](images/atp-detailed-actor.png) The detailed alert profile helps you understand who the attackers are, who they target, what techniques, tools, and procedures (TTPs) they use, which geolocations they are active in, and finally, what recommended actions you may take. In many cases, you can download a more detailed Threat Intelligence report about this attacker or campaign for offline reading. ## Alert process tree -The **Alert process tree** takes alert triage and investigation to the next level, displaying the alert and related evidence and other events that occurred within the same execution context and time. This rich triage context of the alert and surrounding events is available on the alert page. +The **Alert process tree** takes alert triage and investigation to the next level, displaying the alert and related evidence, together with other events that occurred within the same execution context and time. This rich triage context of the alert and surrounding events is available on the alert page. ![Image of the alert process tree](images/atp-alert-process-tree.png) @@ -46,11 +51,15 @@ The **Alert process tree** expands to display the execution path of the alert, i The alert and related events or evidence have circles with thunderbolt icons inside them. + >[!NOTE] >The alert process tree might not be available in some alerts. -Clicking in the circle immediately to the left of the indicator displays the **Alert details** pane where you can take a deeper look at the details about the alert. It displays rich information about the selected process, file, IP address, and other details taken from the entity's page – while remaining on the alert page, so you never leave the current context of your investigation. +Clicking in the circle immediately to the left of the indicator displays its details. +![Image of the alert details pane](images/atp-alert-mgt-pane.png) + +The alert details pane helps you take a deeper look at the details about the alert. It displays rich information about the execution details, file details, detections, observed worldwide, observed in organization, and other details taken from the entity's page – while remaining on the alert page, so you never leave the current context of your investigation. ## Incident graph @@ -58,9 +67,7 @@ The **Incident Graph** provides a visual representation of the organizational f ![Image of the Incident graph](images/atp-incident-graph.png) -The **Incident Graph** previously supported expansion by File and Process, and now supports expansion by additional criteria: known processes and Destination IP Address. - -The Windows Defender ATP service keeps track of "known processes". Alerts related to known processes mostly include specific command lines, that combined are the basis for the alert. The **Incident Graph** supports expanding known processes with their command line to display other machines where the known process and the same command line were observed. +The **Incident Graph** supports expansion by File, Process, command line, or Destination IP Address, as appropriate. The **Incident Graph** expansion by destination IP Address, shows the organizational footprint of communications with this IP Address without having to change context by navigating to the IP Address page. diff --git a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 1fc73cb046..435dc1a3c2 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -15,10 +15,6 @@ localizationpriority: high **Applies to:** -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) ## Investigate machines @@ -55,7 +51,9 @@ You'll also see details such as logon types for each user account, the user grou For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md). -The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. +The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. You can also manage alerts from this section by clicking the circle icons to the left of the alert (or using Ctrl or Shift + click to select multiple alerts). + +This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. You'll also see a list of displayed alerts and you'll be able to quickly know the total number of alerts on the machine. You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and its related events on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights the alert and its related events and helps distinguish them from other alerts and events appearing in the timeline. Highlighted events are displayed in all information levels whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**. diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 6e7445cde4..a43f5f374c 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -64,7 +64,7 @@ Event ID | Error Type | Resolution steps :---|:---|:--- 5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```. 10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically
    ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```.
    Verify that the script was ran as an administrator. -15 | Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). +15 | Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights).

    If the endpoint is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the machine. If rebooting the machine doesn't address the issue, upgrade to KB4015217 and try onboarding again. 15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender ELAM driver, see [Ensure that Windows Defender is not disabled by a policy](#ensure-that-windows-defender-is-not-disabled-by-a-policy) for instructions. 30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). 35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location
    ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.
    The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). diff --git a/windows/threat-protection/windows-defender-security-center/images/security-center-home.png b/windows/threat-protection/windows-defender-security-center/images/security-center-home.png new file mode 100644 index 0000000000..601b2a32b8 Binary files /dev/null and b/windows/threat-protection/windows-defender-security-center/images/security-center-home.png differ diff --git a/windows/threat-protection/windows-defender-security-center/images/security-center-start-menu.png b/windows/threat-protection/windows-defender-security-center/images/security-center-start-menu.png new file mode 100644 index 0000000000..e3d744df4c Binary files /dev/null and b/windows/threat-protection/windows-defender-security-center/images/security-center-start-menu.png differ diff --git a/windows/threat-protection/windows-defender-security-center/images/security-center-taskbar.png b/windows/threat-protection/windows-defender-security-center/images/security-center-taskbar.png new file mode 100644 index 0000000000..a35daeb1f4 Binary files /dev/null and b/windows/threat-protection/windows-defender-security-center/images/security-center-taskbar.png differ diff --git a/windows/threat-protection/windows-defender-security-center/images/security-center-turned-off.png b/windows/threat-protection/windows-defender-security-center/images/security-center-turned-off.png new file mode 100644 index 0000000000..eec35c6dcf Binary files /dev/null and b/windows/threat-protection/windows-defender-security-center/images/security-center-turned-off.png differ diff --git a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md new file mode 100644 index 0000000000..f8376c934c --- /dev/null +++ b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -0,0 +1,119 @@ +--- +title: Windows Defender Security Center +description: The Windows Defender Security Center brings together common Windows security features into one place +keywords: wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +localizationpriority: medium +author: iaanw +--- + + + + + +# The Windows Defender Security Center + +**Applies to** + +- Windows 10, version 1703 + + + + +In Windows 10, version 1703 we introduced the new Windows Defender Security Center, which brings together common Windows security features into one, easy-to-use app. + + + + +![Screen shot of the Windows Defender Security Center showing that the device is protected and five icons for each of the features](images/security-center-home.png) + + + + +Many settings that were previously part of the individual features and main Windows Settings have been combined and moved to the new app, which is installed out-of-the-box as part of Windows 10, version 1703. + +The app includes the settings and status for the following security features: + +- Virus & threat protection, including settings for Windows Defender Antivirus +- Device performance & health, which includes information about drivers, storage space, and general Windows Update issues +- Firewall & network protection, including Windows Firewall +- App & browser control, covering Windows Defender SmartScreen settings +- Family options, which include a number of parental controls along with tips and information for keeping kids safe online + + + +The Windows Defender Security Center uses the [Windows Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on 3rd party antivirus and firewall products that are installed on the device. + +> [!IMPORTANT] +> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date. + +> [!WARNING] +> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. +>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed. +>This will significantly lower the protection of your device and could lead to malware infection. + + +## Open the Windows Defender Security Center +- Right-click the icon in the notification area on the taskbar and click **Open**. + + ![Screen shot of the Shield icon for the Windows Defender Security Center in the bottom Windows task bar](images/security-center-taskbar.png) +- Search the Start menu for **Windows Defender Security Center**. + + ![Screen shot of the Start menu showing the results of a search for Windows Defender Security Center, the first option with a large shield symbol is selected](images/security-center-start-menu.png) + + +> [!NOTE] +> Settings configured with management tools, such as Group Policy, Microsoft Intune, or System Center Configuration Manager, will generally take precedence over the settings in the Windows Defender Security Center. Review the settings for each feature in its appropriate library. Links for both home user and enterprise or commercial audiences are listed below. + +## How the Windows Defender Security Center works with Windows security features + + + + +The Windows Defender Security Center operates as a separate app or process from each of the individual features, and will display notifications through the Action Center. + +It acts as a collector or single place to see the status and perform some configuration for each of the features. + +Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center. The Windows Defender Security Center itself will still run and show status for the other security features. + +> [!IMPORTANT] +> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center itself. + +For example, [using a 3rd party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall. + +The presence of the 3rd party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center. + + + +## More information + +See the following links for more information on the features in the Windows Defender Security Center: +- Windows Defender Antivirus + - IT administrators and IT pros can get configuration guidance from the [Windows Defender Antivirus in the Windows Defender Security Center topic](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) and the [Windows Defender Antivirus documentation library](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) + - Home users can learn more at the [Virus & threat protection in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4012987/windows-10-virus-threat-protection-windows-defender-security-center) +- Device performance & health + - It administrators and IT pros can [configure the Load and unload device drivers security policy setting](https://docs.microsoft.com/en-us/windows/device-security/security-policy-settings/load-and-unload-device-drivers), and learn how to [deploy drivers during Windows 10 deployment using System Center Configuration Manager](https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager) + - Home users can learn more at the [Track your device and performance health in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4012986/windows-defender-track-your-device-performance-health) +- Windows Firewall + - IT administrators and IT pros can get configuration guidance from the [Windows Firewall with Advanced Security documentation library](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security) + - Home users can learn more at the [Firewall & network protection in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4012988/windows-10-firewall-network-protection-windows-defender-security-center) +- Windows Defender SmartScreen + - IT administrators and IT pros can get configuration guidance from the [Windows Defender SmartScreen documentation library](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview) + - Home users can learn more at the [App & browser control in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4013218/windows-10-app-browser-control-in-windows-defender) +- Family options, which include a number of parental controls along with tips and information for keeping kids safe online + - Home users can learn more at the [Help protection your family online in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4013209/windows-10-protect-your-family-online-in-windows-defender) + + + +>[!NOTE] +>The Windows Defender Security Center app is a client interface on Windows 10, version 1703. It is not the Windows Defender Security Center web portal that is used to review and manage [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection). + + + + +