From e60b112e8bd9dedb8c87e1626c142fc65537945a Mon Sep 17 00:00:00 2001 From: AtsuMaeda <153284067+AtsuMaeda@users.noreply.github.com> Date: Wed, 21 Aug 2024 13:40:39 +0900 Subject: [PATCH 1/7] Learn Editor: Update policy-csp-applicationdefaults.md --- windows/client-management/mdm/policy-csp-applicationdefaults.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index ee6da319a3..b0628933e8 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -31,6 +31,8 @@ ms.date: 01/18/2024 This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml). The file can be further edited by adding attributes to control how often associations are applied by the policy. The file then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Microsoft Entra joined, the associations assigned in SyncML will be processed and default associations will be applied. +> [!NOTE] +> Regarding the default app associations feature, MDM policies take precedence over group policies. From f28fd01dc60e21d84a562038e516e3031b451480 Mon Sep 17 00:00:00 2001 From: AtsuMaeda <153284067+AtsuMaeda@users.noreply.github.com> Date: Wed, 21 Aug 2024 13:41:01 +0900 Subject: [PATCH 2/7] Learn Editor: Update policy-csp-applicationdefaults.md --- .../client-management/mdm/policy-csp-applicationdefaults.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index b0628933e8..27ed3e74a1 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -40,7 +40,8 @@ This policy allows an administrator to set default file type and protocol associ -**Description framework properties**: +** +Description framework properties**: | Property name | Property value | |:--|:--| From f27544f56aa63c99d4929aa6ab3f7fe7a73e603f Mon Sep 17 00:00:00 2001 From: MrPetronas Date: Mon, 26 Aug 2024 09:52:56 +0300 Subject: [PATCH 4/7] Update configure.md Fixed typo for CSP user policy from HHKEY_LOCAL_MACHINE to HKEY_LOCAL_MACHINE --- .../identity-protection/hello-for-business/configure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/configure.md b/windows/security/identity-protection/hello-for-business/configure.md index 008110433e..901fa618d2 100644 --- a/windows/security/identity-protection/hello-for-business/configure.md +++ b/windows/security/identity-protection/hello-for-business/configure.md @@ -106,7 +106,7 @@ Windows Hello for Business is enabled by default for devices that are Microsoft Configuration type| Details | |--|-| -| CSP (user)|**Key path**: `HHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\PassportForWork\\UserSid\Policies`
**Key name**: `UsePassportForWork`
**Type**: `REG_DWORD`
**Value**:
 `1` to enable
 `0` to disable | +| CSP (user)|**Key path**: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\PassportForWork\\UserSid\Policies`
**Key name**: `UsePassportForWork`
**Type**: `REG_DWORD`
**Value**:
 `1` to enable
 `0` to disable | | CSP (device)|**Key path**: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\PassportForWork\\Device\Policies`
**Key name**: `UsePassportForWork`
**Type**: `REG_DWORD`
**Value**:
 `1` to enable
 `0` to disable | | GPO (user)|**Key path**: `HKEY_USERS\\SOFTWARE\Policies\Microsoft\PassportForWork`
**Key name**: `Enabled`
**Type**: `REG_DWORD`
**Value**:
 `1` to enable
 `0` to disable | | GPO (user)|**Key path**: `KEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork`
**Key name**: `Enabled`
**Type**: `REG_DWORD`
**Value**:
 `1` to enable
 `0` to disable | From bf3b081474c988b86d206f4b97b2424562859d3d Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Mon, 26 Aug 2024 08:45:25 -0700 Subject: [PATCH 5/7] Unification prep --- ...publishing.redirection.windows-deployment.json | 15 +++++++++++++++ windows/deployment/windows-autopatch/TOC.yml | 6 +++--- ... => windows-autopatch-feature-deactivation.md} | 0 ...md => windows-autopatch-feature-activation.md} | 0 ...topatch-changes-made-at-feature-activation.md} | 0 5 files changed, 18 insertions(+), 3 deletions(-) rename windows/deployment/windows-autopatch/manage/{windows-autopatch-unenroll-tenant.md => windows-autopatch-feature-deactivation.md} (100%) rename windows/deployment/windows-autopatch/prepare/{windows-autopatch-enroll-tenant.md => windows-autopatch-feature-activation.md} (100%) rename windows/deployment/windows-autopatch/references/{windows-autopatch-changes-to-tenant.md => windows-autopatch-changes-made-at-feature-activation.md} (100%) diff --git a/.openpublishing.redirection.windows-deployment.json b/.openpublishing.redirection.windows-deployment.json index b603a54613..b4041cd83e 100644 --- a/.openpublishing.redirection.windows-deployment.json +++ b/.openpublishing.redirection.windows-deployment.json @@ -1504,6 +1504,21 @@ "source_path": "windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md", "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-autopatch-groups", "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md", + "redirect_url": "/windows/deployment/windows-autopatch/prepare/windows-autopatch-feature-activation", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/manage/windows-autopatch-unenroll-tenant.md", + "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-feature-deactivation", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md", + "redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation", + "redirect_document_id": true } ] } diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index a678f8d182..69c792af96 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -22,7 +22,7 @@ - name: Configure your network href: prepare/windows-autopatch-configure-network.md - name: Enroll your tenant - href: prepare/windows-autopatch-enroll-tenant.md + href: prepare/windows-autopatch-feature-activation.md items: - name: Fix issues found by the Readiness assessment tool href: prepare/windows-autopatch-fix-issues.md @@ -79,7 +79,7 @@ - name: Exclude a device href: manage/windows-autopatch-exclude-device.md - name: Unenroll your tenant - href: manage/windows-autopatch-unenroll-tenant.md + href: manage/windows-autopatch-feature-deactivation.md - name: Monitor href: items: @@ -128,7 +128,7 @@ - name: Conflicting configurations href: references/windows-autopatch-conflicting-configurations.md - name: Changes made at tenant enrollment - href: references/windows-autopatch-changes-to-tenant.md + href: references/windows-autopatch-changes-made-at-feature-activation.md - name: What's new href: items: diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-feature-deactivation.md similarity index 100% rename from windows/deployment/windows-autopatch/manage/windows-autopatch-unenroll-tenant.md rename to windows/deployment/windows-autopatch/manage/windows-autopatch-feature-deactivation.md diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-feature-activation.md similarity index 100% rename from windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md rename to windows/deployment/windows-autopatch/prepare/windows-autopatch-feature-activation.md diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation.md similarity index 100% rename from windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md rename to windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation.md From 2318bbf8dc840fde59fc871e97c5ad991a5508fc Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Mon, 26 Aug 2024 08:49:38 -0700 Subject: [PATCH 6/7] Acrolinx --- .../windows-autopatch-changes-made-at-feature-activation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation.md index 311771b8a5..c6c643dfec 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation.md @@ -34,7 +34,7 @@ Windows Autopatch creates an enterprise application in your tenant. This enterpr ## Microsoft Entra groups -Windows Autopatch will create the required Microsoft Entra groups to operate the service. +Windows Autopatch creates the required Microsoft Entra groups to operate the service. The following groups target Windows Autopatch configurations to devices and management of the service by our [first party enterprise applications](#windows-autopatch-enterprise-applications). @@ -54,7 +54,7 @@ The following groups target Windows Autopatch configurations to devices and mana ## Device configuration policies -- Windows Autopatch - Set MDM to Win Over GPO +- Windows Autopatch - Set MDM to Win Over GPO (Group Policy Objects) - Windows Autopatch - Data Collection | Policy name | Policy description | Properties | Value | From 3caf19d37dd29ca669c67ddca63d03b8b99ace99 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 26 Aug 2024 11:36:39 -0600 Subject: [PATCH 7/7] Update policy-csp-applicationdefaults.md --- .../client-management/mdm/policy-csp-applicationdefaults.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 27ed3e74a1..72d0c01014 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -31,8 +31,9 @@ ms.date: 01/18/2024 This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml). The file can be further edited by adding attributes to control how often associations are applied by the policy. The file then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Microsoft Entra joined, the associations assigned in SyncML will be processed and default associations will be applied. + > [!NOTE] -> Regarding the default app associations feature, MDM policies take precedence over group policies. +> For this policy, MDM policy take precedence over group policies even when [MDMWinsOverGP](policy-csp-controlpolicyconflict.md#mdmwinsovergp) policy is not set. @@ -40,8 +41,7 @@ This policy allows an administrator to set default file type and protocol associ -** -Description framework properties**: +**Description framework properties**: | Property name | Property value | |:--|:--|