diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index 08c19e447c..c04926735a 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@@ -129,22 +129,6 @@
"build_entry_point": "docs",
"template_folder": "_themes"
},
- {
- "docset_name": "win-access-protection",
- "build_source_folder": "windows/access-protection",
- "build_output_subfolder": "win-access-protection",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": true,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
{
"docset_name": "win-app-management",
"build_source_folder": "windows/application-management",
@@ -225,38 +209,6 @@
"build_entry_point": "docs",
"template_folder": "_themes"
},
- {
- "docset_name": "windows-configure",
- "build_source_folder": "windows/configure",
- "build_output_subfolder": "windows-configure",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": false,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
- {
- "docset_name": "windows-deploy",
- "build_source_folder": "windows/deploy",
- "build_output_subfolder": "windows-deploy",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": true,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
{
"docset_name": "windows-hub",
"build_source_folder": "windows/hub",
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 6ba49fc316..9a87d541b5 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -2577,12 +2577,12 @@
},
{
"source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
- "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection",
+ "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
- "redirect_url": "/microsoft-365/security/defender-endpoint/use-custom-ti",
+ "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
"redirect_document_id": false
},
{
@@ -13342,7 +13342,7 @@
},
{
"source_path": "windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md",
- "redirect_url": "/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection",
+ "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
"redirect_document_id": false
},
{
@@ -19448,7 +19448,7 @@
{
"source_path": "windows/security/threat-protection/intelligence/supply-chain-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/support-scams.md",
@@ -19496,24 +19496,69 @@
"redirect_document_id": false
},
{
- "source_path": "windows/education/itadmins.yml",
- "redirect_url": "/education/",
- "redirect_document_id": true
+ "source_path": "education/itadmins.yml",
+ "redirect_url": "/education",
+ "redirect_document_id": false
},
{
- "source_path": "windows/education/partners.yml",
- "redirect_url": "/education/",
- "redirect_document_id": true
+ "source_path": "education/partners.yml",
+ "redirect_url": "/education",
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/security-compliance-toolkit-10.md",
"redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10",
"redirect_document_id": false
},
+ {
+ "source_path": "windows-docs-pr/windows/client-management/mdm/remotering-csp.md",
+ "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/remotering-ddf-file.md",
+ "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+ "redirect_document_id": false
+ },
{
- "source_path": "windows/education/developers.yml",
- "redirect_url": "/education/",
- "redirect_document_id": true
- }
+ "source_path": "education/developers.yml",
+ "redirect_url": "/education",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/enterpriseappmanagement-csp.md",
+ "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/messaging-ddf.md",
+ "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/messaging-csp.md",
+ "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/policymanager-csp.md",
+ "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/proxy-csp.md",
+ "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/img-boot-sequence.md",
+ "redirect_url": "/windows/client-management/advanced-troubleshooting-boot-problems#boot-sequence",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md",
+ "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt",
+ "redirect_document_id": false
+ }
]
-}
\ No newline at end of file
+}
diff --git a/CODEOWNERS b/CODEOWNERS
index 7fc05fbd5b..46c2195cd6 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -3,3 +3,5 @@ docfx.json @microsoftdocs/officedocs-admin
.openpublishing.publish.config.json @microsoftdocs/officedocs-admin
CODEOWNERS @microsoftdocs/officedocs-admin
.acrolinx-config.edn @microsoftdocs/officedocs-admin
+
+/windows/privacy/ @DHB-MSFT
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index ef3a69ff52..3bf0503686 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -2,104 +2,84 @@
Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs.
This page covers the basic steps for editing our technical documentation.
+For a more up-to-date and complete contribution guide, see the main [Microsoft Docs contributor guide overview](https://docs.microsoft.com/contribute/).
## Sign a CLA
-All contributors who are ***not*** a Microsoft employee must [sign a Microsoft Contribution Licensing Agreement (CLA)](https://cla.microsoft.com/) before editing any Microsoft repositories.
-If you've already edited within Microsoft repositories in the past, congratulations!
+All contributors who are ***not*** a Microsoft employee or vendor must [sign a Microsoft Contributor License Agreement (CLA)](https://cla.microsoft.com/) before editing any Microsoft repositories.
+If you've already edited within Microsoft repositories in the past, congratulations!
You've already completed this step.
## Editing topics
We've tried to make editing an existing, public file as simple as possible.
->**Note**
->At this time, only the English (en-us) content is available for editing.
+> **Note**
+> At this time, only the English (en-us) content is available for editing. If you have suggestions for edits to localized content, file feedback on the article.
-**To edit a topic**
+### To edit a topic
-1. Go to the page on docs.microsoft.com that you want to update, and then click **Edit**.
+1. Go to the page on [docs.microsoft.com](https://docs.microsoft.com/) that you want to update.
- 
+ > **Note**
+ > If you're a Microsoft employee or vendor, before you edit the article, append `review.` to the beginning of the URL. This action lets you use the private repository, **windows-docs-pr**. For more information, see the [internal contributor guide](https://review.docs.microsoft.com/help/get-started/edit-article-in-github?branch=main).
-2. Log into (or sign up for) a GitHub account.
-
- You must have a GitHub account to get to the page that lets you edit a topic.
+1. Then select the **Pencil** icon.
-3. Click the **Pencil** icon (in the red box) to edit the content.
+ 
- 
+ If the pencil icon isn't present, the content might not be open to public contributions. Some pages are generated (for example, from inline documentation in code) and must be edited in the project they belong to. This isn't always the case and you might be able to find the documentation by searching the [Microsoft Docs Organization on GitHub](https://github.com/MicrosoftDocs).
-4. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see:
- - **If you're linked to the Microsoft organization in GitHub:** [Windows authoring guide](https://aka.ms/WindowsAuthoring)
-
- - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/)
+ > **TIP**
+ > View the page source in your browser, and look for the following metadata: `original_content_git_url`. This path always points to the source markdown file for the article.
-5. Make your suggested change, and then click **Preview Changes** to make sure it looks correct.
+1. In GitHub, select the **Pencil** icon to edit the article. If the pencil icon is grayed out, you need to either sign in to your GitHub account or create a new account.
- 
+ 
-6. When you’re done editing the topic, scroll to the bottom of the page, and then click **Propose file change** to create a fork in your personal GitHub account.
+1. Using Markdown language, make your changes to the file. For info about how to edit content using Markdown, see the [Microsoft Docs Markdown reference](https://docs.microsoft.com/contribute/markdown-reference) and GitHub's [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) documentation.
- 
+1. Make your suggested change, and then select **Preview changes** to make sure it looks correct.
- The **Comparing changes** screen appears to see what the changes are between your fork and the original content.
+ 
-7. On the **Comparing changes** screen, you’ll see if there are any problems with the file you’re checking in.
+1. When you're finished editing, scroll to the bottom of the page. In the **Propose changes** area, enter a title and optionally a description for your changes. The title will be the first line of the commit message. Briefly state _what_ you changed. Select **Propose changes** to commit your changes:
+
+ 
+
+1. The **Comparing changes** screen appears to show what the changes are between your fork and the original content. On the **Comparing changes** screen, you'll see if there are any problems with the file you're checking. If there are no problems, you'll see the message **Able to merge**.
- If there are no problems, you’ll see the message, **Able to merge**.
-
-8. Click **Create pull request**.
+ Select **Create pull request**. Next, enter a title and description to give the approver the appropriate context about _why_ you're suggesting this change. Make sure that only your changed files are in this pull request; otherwise, you could overwrite changes from other people.
-9. Enter a title and description to give the approver the appropriate context about what’s in the request.
+1. Select **Create pull request** again to actually submit the pull request.
-10. Scroll to the bottom of the page, making sure that only your changed files are in this pull request. Otherwise, you could overwrite changes from other people.
+ The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to their respective article. This repository contains articles on some of the following topics:
-11. Click **Create pull request** again to actually submit the pull request.
-
- The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places:
-
- - [Windows 10](https://docs.microsoft.com/windows/windows-10)
-
- - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy)
-
- - [Surface](https://docs.microsoft.com/surface)
-
- - [Surface Hub](https://docs.microsoft.com/surface-hub)
-
- - [HoloLens](https://docs.microsoft.com/hololens)
-
+ - [Windows client documentation for IT Pros](https://docs.microsoft.com/windows/resources/)
- [Microsoft Store](https://docs.microsoft.com/microsoft-store)
-
- [Windows 10 for Education](https://docs.microsoft.com/education/windows)
-
- [Windows 10 for SMB](https://docs.microsoft.com/windows/smb)
-
- - [Internet Explorer 11](https://docs.microsoft.com/internet-explorer)
-
- - [Microsoft Desktop Optimization Pack](https://docs.microsoft.com/microsoft-desktop-optimization-pack)
-
+ - [Internet Explorer 11](https://docs.microsoft.com/internet-explorer/)
## Making more substantial changes
-To make substantial changes to an existing article, add or change images, or contribute a new article, you will need to create a local clone of the content.
-For info about creating a fork or clone, see the GitHub help topic, [Fork a Repo](https://help.github.com/articles/fork-a-repo/).
+To make substantial changes to an existing article, add or change images, or contribute a new article, you'll need to create a local clone of the content.
+For info about creating a fork or clone, see [Set up a local Git repository](https://docs.microsoft.com/contribute/get-started-setup-local). The GitHub docs topic, [Fork a Repo](https://docs.github.com/articles/fork-a-repo), is also insightful.
-Fork the official repo into your personal GitHub account, and then clone the fork down to your local device. Work locally, then push your changes back into your fork. Then open a pull request back to the master branch of the official repo.
+Fork the official repo into your personal GitHub account, and then clone the fork down to your local device. Work locally, then push your changes back into your fork. Finally, open a pull request back to the main branch of the official repo.
## Using issues to provide feedback on documentation
If you just want to provide feedback rather than directly modifying actual documentation pages, you can create an issue in the repository.
-At the top of a topic page you'll see an **Issues** tab. Click the tab and then click the **New issue** button.
+At the top of an article, you'll see a feedback icon. Select the icon to go to the **Feedback** section at the bottom of the article. Then select **This page** to file feedback for the current article.
-Be sure to include the topic title and the URL for the page you're submitting the issue for, if that page is different from the page you launched the **New issue** dialog from.
+In the new issue form, enter a brief title. In the body of the form, describe the concern, but don't modify the **Document Details** section. You can use markdown in this form. When you're ready, select **Submit new issue**.
## Resources
-You can use your favorite text editor to edit Markdown. We recommend [Visual Studio Code](https://code.visualstudio.com/), a free lightweight open source editor from Microsoft.
-
-You can learn the basics of Markdown in just a few minutes. To get started, check out [Mastering Markdown](https://guides.github.com/features/mastering-markdown/).
-
+- You can use your favorite text editor to edit Markdown files. We recommend [Visual Studio Code](https://code.visualstudio.com/), a free lightweight open source editor from Microsoft.
+- You can learn the basics of Markdown in just a few minutes. To get started, check out [Mastering Markdown](https://guides.github.com/features/mastering-markdown/).
+- Microsoft Docs uses several custom Markdown extensions. To learn more, see the [Microsoft Docs Markdown reference](https://docs.microsoft.com/contribute/markdown-reference).
diff --git a/ContentOwners.txt b/ContentOwners.txt
new file mode 100644
index 0000000000..23bca2c5c7
--- /dev/null
+++ b/ContentOwners.txt
@@ -0,0 +1,2 @@
+/windows/ @aczechowski
+/windows/privacy/ @DHB-MSFT
diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
index 10d59733dd..91c262c502 100644
--- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
@@ -138,7 +138,7 @@ Before you can start to collect your data, you must run the provided PowerShell
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.
-OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
@@ -235,7 +235,7 @@ After you’ve collected your data, you’ll need to get the local files off of
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.
-OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### Collect your hardware inventory using the MOF Editor while connected to a client device
You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
@@ -277,8 +277,8 @@ You can collect your hardware inventory using the MOF Editor and a .MOF import f
4. Click **OK** to close the default windows.
Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
-You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
+### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
+You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
**To collect your inventory**
@@ -352,14 +352,14 @@ You can collect your hardware inventory using the using the Systems Management S
Your environment is now ready to collect your hardware inventory and review the sample reports.
## View the sample reports with your collected data
-The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
+The sample reports, **Configuration Manager Report Sample – ActiveX.rdl** and **Configuration Manager Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
-### SCCM Report Sample – ActiveX.rdl
+### Configuration Manager Report Sample – ActiveX.rdl
Gives you a list of all of the ActiveX-related sites visited by the client computer.
-### SCCM Report Sample – Site Discovery.rdl
+### Configuration Manager Report Sample – Site Discovery.rdl
Gives you a list of all of the sites visited by the client computer.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
index 187e1eade3..0175cb7bbe 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
@@ -29,7 +29,7 @@ Before you install Internet Explorer 11, you should:
- **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation.
- - **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)), and [Microsoft Intune Overview](https://www.microsoft.com/cloud-platform/microsoft-intune).
+ - **Existing computers running Windows.** Use Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)), and [Microsoft Intune Overview](https://www.microsoft.com/cloud-platform/microsoft-intune).
- **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825251(v=win.10)). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/), [Windows ADK Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825486(v=win.10)).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
index 8cef068687..24265e0261 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@@ -142,7 +142,7 @@ Before you can start to collect your data, you must run the provided PowerShell
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.
-OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
@@ -239,7 +239,7 @@ After you’ve collected your data, you’ll need to get the local files off of
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.
-OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### Collect your hardware inventory using the MOF Editor while connected to a client device
You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
@@ -281,8 +281,8 @@ You can collect your hardware inventory using the MOF Editor and a .MOF import f
4. Click **OK** to close the default windows.
Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
-You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
+### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
+You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
**To collect your inventory**
@@ -356,14 +356,14 @@ You can collect your hardware inventory using the using the Systems Management S
Your environment is now ready to collect your hardware inventory and review the sample reports.
## View the sample reports with your collected data
-The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
+The sample reports, **Configuration Manager Report Sample – ActiveX.rdl** and **Configuration Manager Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
-### SCCM Report Sample – ActiveX.rdl
+### Configuration Manager Report Sample – ActiveX.rdl
Gives you a list of all of the ActiveX-related sites visited by the client computer.
-### SCCM Report Sample – Site Discovery.rdl
+### Configuration Manager Report Sample – Site Discovery.rdl
Gives you a list of all of the sites visited by the client computer.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
index 9e65453694..7eaac18e22 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
@@ -21,7 +21,7 @@ ms.date: 07/27/2017
If you already manage software distribution and updates on your network through software distribution tools, you can also use these tools for ongoing deployments of Internet Explorer. Software distribution tools include:
-- **System Center R2 2012 System Center 2012 R2 Configuration Manager.** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [System Center R2 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)).
+- **Configuration Manager** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)).
- **Windows Server Update Services (WSUS).** Download a single copy of the IE11 updates, caching them to local servers so your users' computers can receive the updates directly from the WSUS servers, instead of through Windows Update. For more information about using this tool, see [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
index 897b27ceed..6290d3a462 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -23,11 +23,11 @@ ms.date: 07/27/2017
**Applies to:**
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
+- Windows 10
+- Windows 8.1
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
You can turn on local control of Enterprise Mode so that your users can turn Enterprise Mode on from the **Tools** menu. Turning on this feature also adds the **Enterprise** browser profile to the **Emulation** tab of the F12 developer tools.
@@ -53,16 +53,13 @@ Besides turning on this feature, you also have the option to provide a URL for E
Your **Value data** location can be any of the following types:
-- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.
**Important**
- The `https://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API.
-- **Local network location (like, https://emieposturl/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
-- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data.
+- **URL location**, for example: `https://www.emieposturl.com/api/records` or `https://localhost:13000`. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.
+
+ > [!Important]
+ > The `https://www.emieposturl.com/api/records` example will only work if you've downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) article. If you don't have the sample, you won't have the web API.
+
+- **Local network location**, for example: `https://emieposturl/`. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
+
+- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won't collect any logging data.
For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md).
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
index 3ec3c7c763..13e84a6792 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
@@ -75,7 +75,7 @@ If you use Automatic Updates in your company, but want to stop your users from a
> [!NOTE]
>The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-for-it-pros-ie11.yml).
-- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit.
+- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit.
> [!NOTE]
> If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company.
diff --git a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
index 178595abf4..618ec339b5 100644
--- a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
+++ b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
@@ -22,7 +22,7 @@ summary: |
Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
> [!Important]
- > If you administer your company’s environment using an update management solution, such as Windows Server Update Services (WSUS) or System Center 2012 Configuration Manager, you don’t need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
+ > If you administer your company’s environment using an update management solution, such as Windows Server Update Services (WSUS) or Configuration Manager, you don’t need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
- [Automatic updates delivery process](/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit#automatic-updates-delivery-process)
@@ -47,7 +47,7 @@ sections:
- question: |
Whtools cI use to manage Windows Updates and Microsoft Updates in my company?
answer: |
- We encourage anyone who wants full control over their company’s deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You calso use the more advanced configuration management tool, [System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682041(v=technet.10)).
+ We encourage anyone who wants full control over their company’s deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You calso use the more advanced configuration management tool, [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682041(v=technet.10)).
- question: |
How long does the blocker mechanism work?
diff --git a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
index c92fd17fd3..bb2983bca4 100644
--- a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
+++ b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
@@ -1,13 +1,17 @@
---
-author: pamgreen-msft
-ms.author: pamgreen
-ms.date: 10/02/2018
+author: dansimp
+ms.author: dansimp
+ms.date:
ms.reviewer:
audience: itpro
-manager: pamgreen
+manager: dansimp
ms.prod: ie11
ms.topic: include
---
> [!IMPORTANT]
-> The Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022. For a list of what’s in scope, see [the FAQ](https://aka.ms/IEModeFAQ). The same IE11 apps and sites you use today can open in Microsoft Edge with Internet Explorer mode. [Learn more here](https://blogs.windows.com/msedgedev/).
\ No newline at end of file
+> The Internet Explorer 11 desktop application is [retired and out of support](https://aka.ms/IEJune15Blog) as of June 15, 2022 for certain versions of Windows 10.
+>
+> You can still access older, legacy sites that require Internet Explorer with Internet Explorer mode in Microsoft Edge. [Learn how](https://aka.ms/IEmodewebsite).
+>
+> The Internet Explorer 11 desktop application will progressively redirect to the faster, more secure Microsoft Edge browser, and will ultimately be disabled via Windows Update. [Disable IE today](/deployedge/edge-ie-disable-ie11).
diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml
index 27e231694f..17fad3f1dd 100644
--- a/browsers/internet-explorer/internet-explorer.yml
+++ b/browsers/internet-explorer/internet-explorer.yml
@@ -34,8 +34,6 @@ landingContent:
url: /lifecycle/faq/internet-explorer-microsoft-edge
- linkListType: download
links:
- - text: Download IE11 with Windows 10
- url: https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise
- text: Enterprise Mode Site List Manager (schema, v.2)
url: https://www.microsoft.com/download/details.aspx?id=49974
- text: Cumulative security updates for Internet Explorer 11
diff --git a/education/docfx.json b/education/docfx.json
index 04a27cb629..38f8413d5f 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -32,7 +32,6 @@
"ms.topic": "article",
"ms.technology": "windows",
"manager": "dansimp",
- "audience": "ITPro",
"breadcrumb_path": "/education/breadcrumb/toc.json",
"ms.date": "05/09/2017",
"feedback_system": "None",
@@ -51,6 +50,9 @@
"Kellylorenebaker",
"jborsecnik",
"tiburd",
+ "AngelaMotherofDragons",
+ "dstrome",
+ "v-dihans",
"garycentric"
]
},
diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md
index 9a828c6755..68e0429bb0 100644
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@@ -135,7 +135,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
| New or changed topic | Description|
| --- | --- |
| [Windows 10 editions for education customers](windows-editions-for-education-customers.md) | New. Learn about the two editions in Windows 10, version 1607 that's designed for the needs of K-12 institutions. |
-|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use SCCM, Intune, and Group Policy to manage devices. |
+|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use Configuration Manager, Intune, and Group Policy to manage devices. |
## June 2016
diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md
index 9d165c8892..d1ed1e7192 100644
--- a/education/windows/change-to-pro-education.md
+++ b/education/windows/change-to-pro-education.md
@@ -28,7 +28,7 @@ To take advantage of this offering, make sure you meet the [requirements for cha
## Requirements for changing
Before you change to Windows 10 Pro Education, make sure you meet these requirements:
- Devices must be running Windows 10 Pro, version 1607 or higher.
-- Devices must be Azure Active Directory joined, or domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices).
+- Devices must be Azure Active Directory-joined, or domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices).
If you haven't domain joined your devices already, [prepare for deployment of Windows 10 Pro Education licenses](#preparing-for-deployment-of-windows-10-pro-education-licenses).
@@ -47,7 +47,7 @@ For schools that want to standardize all their Windows 10 Pro devices to Windows
In this scenario:
-- The IT admin of the tenant chooses to turn on the change for all Azure AD joined devices.
+- The IT admin of the tenant chooses to turn on the change for all Azure AD-joined devices.
- Any device that joins the Azure AD will change automatically to Windows 10 Pro Education.
- The IT admin has the option to automatically roll back to Windows 10 Pro, if desired. See [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro).
@@ -92,7 +92,7 @@ You can use Windows Configuration Designer to create a provisioning package that
3. In the **Enter a product key** window, enter the MAK key for Windows 10 Pro Education and click **Next**.
-## Education customers with Azure AD joined devices
+## Education customers with Azure AD-joined devices
Academic institutions can easily move from Windows 10 Pro to Windows 10 Pro Education without using activation keys or reboots. When one of your users enters their Azure AD credentials associated with a Windows 10 Pro Education license, the operating system changes to Windows 10 Pro Education and all the appropriate Windows 10 Pro Education features are unlocked. Previously, only schools or organizations purchasing devices as part of the Shape the Future K-12 program or with a Microsoft Volume Licensing Agreement could deploy Windows 10 Pro Education to their users. Now, if you have an Azure AD for your organization, you can take advantage of the Windows 10 Pro Education features.
@@ -145,7 +145,7 @@ Enabling the automatic change also triggers an email message notifying all globa
So what will users experience? How will they change their devices?
-### For existing Azure AD joined devices
+### For existing Azure AD-joined devices
Existing Azure AD domain joined devices will be changed to Windows 10 Pro Education the next time the user logs in. That's it! No other steps are needed.
### For new devices that are not Azure AD joined
@@ -251,7 +251,7 @@ Devices must be running Windows 10 Pro, version 1607 or higher, or domain joined
dsregcmd /status
```
-2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined.
+2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory-joined.
**To determine the version of Windows 10**
diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md
index 37e9cba645..6ecad551d4 100644
--- a/education/windows/chromebook-migration-guide.md
+++ b/education/windows/chromebook-migration-guide.md
@@ -485,7 +485,7 @@ Table 9. Management systems and deployment resources
|--- |--- |
|Windows provisioning packages|
[Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
[Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
[Step-By-Step: Building Windows 10 Provisioning Packages](/archive/blogs/canitpro/step-by-step-building-windows-10-provisioning-packages)|
|Group Policy|
[Core Network Companion Guide: Group Policy Deployment](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj899807(v=ws.11))
[Deploying Group Policy](/previous-versions/windows/it-pro/windows-server-2003/cc737330(v=ws.10))"|
-|Configuration Manager|
[Site Administration for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10))
[Deploying Clients for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))|
+|Configuration Manager|
[Site Administration for Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10))
[Deploying Clients for Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))|
|Intune|
[Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262)
[System Center 2012 R2 Configuration Manager & Windows Intune](/learn/?l=fCzIjVKy_6404984382)|
|MDT|
[Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)|
diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md
index f1a4be1df2..a04a034238 100644
--- a/education/windows/set-up-school-pcs-azure-ad-join.md
+++ b/education/windows/set-up-school-pcs-azure-ad-join.md
@@ -59,7 +59,7 @@ The following table describes each setting within **Device Settings**.
| Setting | Description |
|------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Users may join devices to Azure AD | Choose the scope of people in your organization that are allowed to join devices to Azure AD. **All** allows all users and groups within your tenant to join devices. **Selected** prompts you to choose specific users or groups to allow. **None** allows no one in your tenant to join devices to Azure AD. |
-| More local administrators on Azure AD joined devices | Only applicable to Azure AD Premium tenants. Grant extra local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default. |
+| More local administrators on Azure AD-joined devices | Only applicable to Azure AD Premium tenants. Grant extra local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default. |
| Users may register their devices with Azure AD | Allow all or none of your users to register their devices with Azure AD (Workplace Join). If you're enrolled in Microsoft Intune or Mobile Device Management for Office 365, your devices are required to be registered. In this case, **All** is automatically selected for you. |
| Require Multi-Factor Authentication to join devices | Recommended when adding devices to Azure AD. When set to **Yes**, users that are setting up devices must enter a second method of authentication. |
| Maximum number of devices per user | Set the maximum number of devices a user is allowed to have in Azure AD. If the maximum is exceeded, the user must remove one or more existing devices before more devices are added. |
diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md
index 72bea22625..29c5d1cc71 100644
--- a/education/windows/set-up-school-pcs-whats-new.md
+++ b/education/windows/set-up-school-pcs-whats-new.md
@@ -34,7 +34,7 @@ You can now give devices running Windows 10, version 2004 and later a name that'
### Resumed support for Windows 10, version 1903 and later
The previously mentioned provisioning problem was resolved, so the Set up School PCs app once again supports Windows 10, version 1903 and later. The Windows 10 settings that were removed are now back in the app.
-### Device rename made optional for Azure AD joined devices
+### Device rename made optional for Azure AD-joined devices
When you set up your Azure AD join devices in the app, you no longer need to rename your devices. You can keep existing device names.
## Week of May 23, 2019
@@ -42,7 +42,7 @@ When you set up your Azure AD join devices in the app, you no longer need to ren
### Suspended support for Windows 10, version 1903 and later
Due to a provisioning problem, Set up School PCs has temporarily stopped support for Windows 10, version 1903 and later. All settings in the app that were for Windows 10, version 1903 and later have been removed. When the problem is resolved, support will resume again.
-### Mandatory device rename for Azure AD joined devices
+### Mandatory device rename for Azure AD-joined devices
If you configure Azure AD Join, you're now required to rename your devices during setup. You can't keep existing device names.
## Week of April 15, 2019
diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md
index 87443100ce..70532ccda4 100644
--- a/education/windows/test-windows10s-for-edu.md
+++ b/education/windows/test-windows10s-for-edu.md
@@ -111,7 +111,7 @@ Back up all your data before installing Windows 10 in S mode. Only personal file
Windows 10 in S mode doesn't support non-Azure Active Directory domain accounts. Before installing Windows 10 in S mode, you must have at least one of these administrator accounts:
- Local administrator
-- Microsoft Account (MSA) administrator
+- Microsoft account administrator
- Azure Active Directory administrator
> [!WARNING]
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index 445f9c1e89..5a247f51f3 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -38,44 +38,63 @@ Windows 11 SE is only available preinstalled on devices from OEMs. The OEM insta
Windows 11 SE comes with some preinstalled apps. The following apps can also run on Windows 11 SE, and are deployed using the [Intune for Education portal](https://intuneeducation.portal.azure.com). For more information, see [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview).
-| Application | Supported version | Vendor |
-| --- | --- | --- |
-|Blub Digital Portoflio |0.0.7.0 |bulb|
-|CA Secure Browser |14.0.0 |Cambium Development|
-|Cisco Umbrella |3.0.110.0 |Cisco|
-|Dragon Professional Individual |15.00.100 |Nuance Communications|
-|DRC INSIGHT Online Assessments |12.0.0.0 |DRC|
-|e-Speaking Voice and Speech recognition|4.4.0.8 |e-speaking|
-|Free NaturalReader |16.1.2 |Natural Soft|
-|GoGuardian |1.4.4 |GoGuardian|
-|Google Chrome |97.0.4692.71 |Google|
-|JAWS for Windows |2022.2112.24 |Freedom Scientific|
-|Kite Student Portal |8.0.1|Dynamic Learning Maps|
-|Kortext |2.3.418.0 |Kortext|
-|LanSchool |9.1.0.46 |Stoneware|
-|Lightspeed Smart Agent |1.9.1 |Lightspeed Systems|
-|Mozilla Firefox |96.0.2 |Mozilla|
-|NextUp Talker |1.0.49 |NextUp Technologies|
-|NonVisual Desktop Access |2021.3.1 |NV Access|
-|NWEA Secure Testing Browser |5.4.300.0 |NEWA|
-|Read&Write for Windows (US English) |12.0.60.0 |Texthelp Ltd.|
-|Safe Exam Broswer |3.3.1 |Safe Exam Broswer|
-|Secure Browser |4.8.3.376 |Questar, Inc|
-|SuperNova Magnifier & Screen Reader | 20.03 |Dolphin Computer Access|
-|SuperNova Magnifier & Speech | 20.03 |Dolphin Computer Access|
-|Respondus Lockdown Browser |2.0.8.03 |Respondus|
-|TestNav |1.10.2.0 |Pearson Education Inc|
-|SecureBrowser |14.0.0 |Cambium Development|
-|Zoom |5.9.1 (2581) |Zoom|
-|ZoomText Fusion |2022.2109.10 |Freedom Scientific|
-|ZoomText Magnifier/Reader |2022.2109.25 |Freedom Scientific|
+| Application | Supported version | App Type | Vendor |
+| --- | --- | --- | --- |
+|AirSecure |8.0.0 |Win32 |AIR|
+|Brave Browser |1.34.80|Win32 |Brave|
+|Bulb Digital Portfolio |0.0.7.0|Store|Bulb|
+|Cisco Umbrella |3.0.110.0 |Win32 |Cisco|
+|CKAuthenticator |3.6 |Win32 |Content Keeper|
+|Class Policy |114.0.0 |Win32 |Class Policy|
+|Classroom.cloud |1.40.0004 |Win32 |NetSupport|
+|CoGat Secure Browser |11.0.0.19 |Win32 |Riverside Insights|
+|Dragon Professional Individual |15.00.100 |Win32 |Nuance Communications|
+|DRC INSIGHT Online Assessments |12.0.0.0 |Store |Data recognition Corporation|
+|Duo from Cisco |2.25.0 |Win32 |Cisco|
+|e-Speaking Voice and Speech recognition |4.4.0.8 |Win32 |e-speaking|
+|eTests |4.0.25 |Win32 |CASAS|
+|FortiClient |7.0.1.0083 |Win32 |Fortinet|
+|Free NaturalReader |16.1.2 |Win32 |Natural Soft|
+|GoGuardian |1.4.4 |Win32 |GoGuardian|
+|Google Chrome |100.0.4896.127|Win32 |Google|
+|Illuminate Lockdown Browser |2.0.5 |Win32 |Illuminate Education|
+|Immunet |7.5.0.20795 |Win32 |Immunet|
+|JAWS for Windows |2022.2112.24 |Win32 |Freedom Scientific|
+|Kite Student Portal |8.0.1 |Win32 |Dynamic Learning Maps|
+|Kortext |2.3.433.0 |Store |Kortext|
+|Kurzweil 3000 Assistive Learning |20.13.0000 |Win32 |Kurzweil Educational Systems|
+|LanSchool |9.1.0.46 |Win32 |Stoneware|
+|Lightspeed Smart Agent |2.6.2 |Win32 |Lightspeed Systems|
+|Microsoft Connect |10.0.22000.1 |Store |Microsoft|
+|Mozilla Firefox |99.0.1 |Win32 |Mozilla|
+|NAPLAN |2.5.0 |Win32 |NAP|
+|NetSupport Manager |12.01.0011 |Win32 |NetSupport|
+|NetSupport Notify |5.10.1.215 |Win32 |NetSupport|
+|NetSupport School |14.00.0011 |Win32 |NetSupport|
+|NextUp Talker |1.0.49 |Win32 |NextUp Technologies|
+|NonVisual Desktop Access |2021.3.1 |Win32 |NV Access|
+|NWEA Secure Testing Browser |5.4.300.0 |Win32 |NWEA|
+|Pearson TestNav |1.10.2.0 |Store |Pearson|
+|Questar Secure Browser |4.8.3.376 |Win32 |Questar|
+|ReadAndWriteForWindows |12.0.60.0 |Win32 |Texthelp Ltd.|
+|Remote Desktop client (MSRDC) |1.2.3213.0 |Win32 |Microsoft|
+|Remote Help |3.8.0.12 |Win32 |Microsoft|
+|Respondus Lockdown Browser |2.0.8.05 |Win32 |Respondus|
+|Safe Exam Browser |3.3.2.413 |Win32 |Safe Exam Browser|
+|Secure Browser |14.0.0 |Win32 |Cambium Development|
+|Secure Browser |4.8.3.376 |Win32 |Questar, Inc|
+|Senso.Cloud |2021.11.15.0 |Win32|Senso.Cloud|
+|SuperNova Magnifier & Screen Reader |21.02 |Win32 |Dolphin Computer Access|
+|Zoom |5.9.1 (2581)|Win32 |Zoom|
+|ZoomText Fusion |2022.2109.10|Win32 |Freedom Scientific|
+|ZoomText Magnifier/Reader |2022.2109.25|Win32 |Freedom Scientific|
### Enabled apps
| App type | Enabled |
| --- | --- |
| Apps that run in a browser | ✔️ Apps that run in a browser, like Progressive Web Apps (PWA) and Web apps, can run on Windows 11 SE without any changes or limitations. |
-| Apps that require installation | ❌ Apps that require an installation, including Microsoft Store apps and Win32 apps can't be installed. If students try to install these apps, the installation fails.
✔️ If there are specific installation-type of apps you want to enable, then work with Microsoft to get them enabled. For more information, see [Add your own apps](#add-your-own-apps) (in this article). |
+| Apps that require installation | ❌ Apps that require an installation, including Microsoft Store apps and Win32 apps can't be installed. If students try to install these apps, the installation fails.
✔️ If there are specific installation-type apps you want to enable, then work with Microsoft to get them enabled. For more information, see [Add your own apps](#add-your-own-apps) (in this article). |
### Add your own apps
diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md
index 0e70e1cad2..b2b9df5de8 100644
--- a/education/windows/windows-11-se-settings-list.md
+++ b/education/windows/windows-11-se-settings-list.md
@@ -30,22 +30,24 @@ The following table lists and describes the settings that can be changed by admi
| Setting | Description |
| --- | --- |
-| Block manual unenrollment | Default: Blocked
Users can't unenroll their devices from device management services.
[Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment)|
-| Allow option to Show Network | Default: Allowed
Gives users the option to see the **Show Network** folder in File Explorer. |
-| Allow option to Show This PC | Default: Allowed
Gives user the option to see the **Show This PC** folder in File Explorer. |
-| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads
Gives user access to these folders. |
-| Set Allowed Storage Locations | Default: Blocks Local Drives and Network Drives
Blocks user access to these storage locations. |
-| Allow News and Interests | Default: Hide
Hides Widgets. |
-| Disable advertising ID | Default: Disabled
Blocks apps from using usage data to tailor advertisements.
|
-| Enable App Install Control | Default: Turned On
Users can’t download apps from the internet.
[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)|
-| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days
If a file hasn’t been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.
Users can't unenroll their devices from device management services.
[Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment) |
+| Allow option to Show Network | Default: Allowed
Gives users the option to see the **Show Network** folder in File Explorer. |
+| Allow option to Show This PC | Default: Allowed
Gives user the option to see the **Show This PC** folder in File Explorer. |
+| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads
Gives user access to these folders. |
+| Set Allowed Storage Locations | Default: Blocks local drives and network drives
Blocks user access to these storage locations. |
+| Allow News and Interests | Default: Hide
Hides widgets. |
+| Disable advertising ID | Default: Disabled
Blocks apps from using usage data to tailor advertisements.
|
+| Enable App Install Control | Default: Turned On
Users can't download apps from the internet.
[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)|
+| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days
If a file hasn't been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.
Specify a jpg, jpeg, or png image to be used as the desktop image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.
Specify a jpg, jpeg, or png image to be used as lock screen image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.
[LockScreenImageUrl](/windows/client-management/mdm/personalization-csp) |
## Settings that can't be changed
diff --git a/images/compare-changes.png b/images/compare-changes.png
index 0d86db70f5..183953dc8a 100644
Binary files a/images/compare-changes.png and b/images/compare-changes.png differ
diff --git a/images/contribute-link.png b/images/contribute-link.png
index 4cf685e54e..742a6f53ef 100644
Binary files a/images/contribute-link.png and b/images/contribute-link.png differ
diff --git a/images/pencil-icon.png b/images/pencil-icon.png
index 82fe7852dd..f041c32229 100644
Binary files a/images/pencil-icon.png and b/images/pencil-icon.png differ
diff --git a/images/preview-changes.png b/images/preview-changes.png
index cb4ecab594..54761f44d2 100644
Binary files a/images/preview-changes.png and b/images/preview-changes.png differ
diff --git a/images/propose-changes.png b/images/propose-changes.png
new file mode 100644
index 0000000000..5c16f931fc
Binary files /dev/null and b/images/propose-changes.png differ
diff --git a/images/propose-file-change.png b/images/propose-file-change.png
deleted file mode 100644
index aedbc07b16..0000000000
Binary files a/images/propose-file-change.png and /dev/null differ
diff --git a/smb/breadcrumb/toc.yml b/smb/breadcrumb/toc.yml
index 3fc3bfeaee..317dcb4c3b 100644
--- a/smb/breadcrumb/toc.yml
+++ b/smb/breadcrumb/toc.yml
@@ -1,10 +1,11 @@
+items:
- name: Docs
tocHref: /
topicHref: /
items:
- name: Windows
tocHref: /windows
- topicHref: https://docs.microsoft.com/windows/#pivot=it-pro
+ topicHref: /windows/resources/
items:
- name: SMB
tocHref: /windows/smb
diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md
index 7da2e85c29..729c76f598 100644
--- a/smb/cloud-mode-business-setup.md
+++ b/smb/cloud-mode-business-setup.md
@@ -574,7 +574,7 @@ See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn
To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links:
- [Set up Office 365 for business](/microsoft-365/admin/setup)
- Common admin tasks in Office 365 including email and OneDrive in [Manage Office 365](/microsoft-365/admin/)
-- More info about managing devices, apps, data, troubleshooting, and more in the [/mem/intune/](/mem/intune/)
+- More info about managing devices, apps, data, troubleshooting, and more in the [Intune documentation](/mem/intune/)
- Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/).
- Info about distributing apps to your employees, managing apps, managing settings, and more in [Microsoft Store for Business](/microsoft-store/)
diff --git a/smb/docfx.json b/smb/docfx.json
index 9b63f81cad..15de5f0bb4 100644
--- a/smb/docfx.json
+++ b/smb/docfx.json
@@ -48,6 +48,9 @@
"Kellylorenebaker",
"jborsecnik",
"tiburd",
+ "AngelaMotherofDragons",
+ "dstrome",
+ "v-dihans",
"garycentric"
],
"titleSuffix": "Windows for Small to Midsize Business"
diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json
index bf0a63a161..953ad15d25 100644
--- a/store-for-business/docfx.json
+++ b/store-for-business/docfx.json
@@ -57,6 +57,9 @@
"Kellylorenebaker",
"jborsecnik",
"tiburd",
+ "AngelaMotherofDragons",
+ "dstrome",
+ "v-dihans",
"garycentric"
]
},
diff --git a/store-for-business/manage-private-store-settings.md b/store-for-business/manage-private-store-settings.md
index 5ec635a24d..c6c6e4564c 100644
--- a/store-for-business/manage-private-store-settings.md
+++ b/store-for-business/manage-private-store-settings.md
@@ -50,10 +50,11 @@ You can create collections of apps within your private store. Collections allow
You can add a collection to your private store from the private store, or from the details page for an app.
**From private store**
+
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click your private store.
- 
+ 
3. Click **Add a Collection**.
@@ -65,6 +66,7 @@ You can add a collection to your private store from the private store, or from t
> New collections require at least one app, or they will not be created.
**From app details page**
+
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click **Manage**, and then click **Products & services**.
3. Under **Apps & software**, choose an app you want to include in a new collection.
@@ -84,12 +86,13 @@ If you've already added a Collection to your private store, you can easily add a
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click your private store.
- 
+ 
3. Click the ellipses next to the collection name, and click **Edit collection**.
4. Add or remove products from the collection, and then click **Done**.
You can also add an app to a collection from the app details page.
+
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click **Manage**, and then click **Products & services**.
3. Under **Apps & software**, choose an app you want to include in a new collection.
diff --git a/store-for-business/working-with-line-of-business-apps.md b/store-for-business/working-with-line-of-business-apps.md
index 42eda0b990..9478fd004c 100644
--- a/store-for-business/working-with-line-of-business-apps.md
+++ b/store-for-business/working-with-line-of-business-apps.md
@@ -45,7 +45,7 @@ You'll need to set up:
- LOB publishers need to have an app in Microsoft Store, or have an app ready to submit to the Store.
The process and timing look like this:
-
+
## Add an LOB publisher (Admin)
Admins need to invite developer or ISVs to become an LOB publisher.
diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md
index ed4e23e340..3c080dc8c9 100644
--- a/windows/application-management/app-v/appv-about-appv.md
+++ b/windows/application-management/app-v/appv-about-appv.md
@@ -58,11 +58,7 @@ For more information about how to configure an existing App-V installation after
## Support for System Center
-App-V supports System Center 2016 and System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj822982(v=technet.10)) to learn more about how to integrate your App-V environment with Configuration Manager.
-
-
-
-
+App-V supports System Center 2016 and Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj822982(v=technet.10)) to learn more about how to integrate your App-V environment with Configuration Manager.
## Related articles
diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md
index 969926e2ed..1b99178358 100644
--- a/windows/application-management/app-v/appv-capacity-planning.md
+++ b/windows/application-management/app-v/appv-capacity-planning.md
@@ -34,7 +34,7 @@ You can also manage your App-V environment using an electronic software distribu
* **Standalone model**—The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone mode only needs the sequencer and the client; no extra components are required. Applications are prepared for virtualization using a process called sequencing. For more information, see [Planning for the App-V Sequencer and Client deployment](appv-planning-for-sequencer-and-client-deployment.md). The standalone model is recommended for the following scenarios:
* When there are disconnected remote users who can't connect to the App-V infrastructure.
- * When you're running a software management system, such as System Center 2012 Configuration Manager.
+ * When you're running a software management system, such as Configuration Manager.
* When network bandwidth limitations inhibit electronic software distribution.
* **Full infrastructure model**—The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V full infrastructure model consists of one or more App-V management servers that can be used to publish applications to all clients. Publishing places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about how to install the management server, see [Planning for App-V Server deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios:
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
index cf9b704fd3..34683ed7d8 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -31,7 +31,7 @@ The following table shows the App-V versions, methods of Office package creation
## Creating Office 2010 App-V using the sequencer
-Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. For detailed instructions about how to create an Office 2010 package on App-V, see [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069).
+Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. For more information, see [How to Sequence a New Application with App-V 5.0](/microsoft-desktop-optimization-pack/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030).
## Creating Office 2010 App-V packages using package accelerators
@@ -76,26 +76,10 @@ The following table provides a full list of supported integration points for Off
|Active X Controls: - Groove.SiteClient - PortalConnect.PersonalSite - SharePoint.openDocuments - SharePoint.ExportDatabase - SharePoint.SpreadSheetLauncher - SharePoint.StssyncHander - SharePoint.DragUploadCtl - SharePoint.DragDownloadCtl - Sharpoint.OpenXMLDocuments - Sharepoint.ClipboardCtl - WinProj.Activator - Name.NameCtrl - STSUPld.CopyCtl - CommunicatorMeetingJoinAx.JoinManager - LISTNET.Listnet - OneDrive Pro Browser Helper|Active X Control.
For more information about ActiveX controls, see the [ActiveX Control API Reference]().||
|OneDrive Pro Icon Overlays|Windows explorer shell icon overlays when users look at folders OneDrive Pro folders||
-## Additional resources
-
-### Office 2013 App-V Packages Additional Resources
-
-* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/kb/2772509)
-
-### Office 2010 App-V Packages
-
-* [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399)
-* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/kb/2828619)
-* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069)
-
### Connection Groups
* [Managing Connection Groups](appv-managing-connection-groups.md)
-* [Connection groups on the App-V team blog](https://blogs.msdn.microsoft.com/gladiator/tag/connection-groups/)
### Dynamic Configuration
-* [About App-V Dynamic Configuration](appv-dynamic-configuration.md)
-
-
-
+* [About App-V Dynamic Configuration](appv-dynamic-configuration.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md
index 071879bc7c..2522c24732 100644
--- a/windows/application-management/app-v/appv-supported-configurations.md
+++ b/windows/application-management/app-v/appv-supported-configurations.md
@@ -119,7 +119,7 @@ See the Windows or Windows Server documentation for the hardware requirements.
## Supported versions of Microsoft Endpoint Configuration Manager
-The App-V client works with Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606.
+The App-V client works with Configuration Manager versions starting with Technical Preview for Configuration Manager, version 1606.
## Related articles
diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md
index 98fff77da2..122ffdd4f1 100644
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ b/windows/application-management/manage-windows-mixed-reality.md
@@ -31,7 +31,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
1. Download the FOD .cab file:
- [Windows 11, version 21H2](https://software-download.microsoft.com/download/sg/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd_64~~.cab)
- - [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
+ - [Windows 10, version 2004](https://software-static.download.prss.microsoft.com/pr/download/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
- [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab)
- [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab)
- [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
index 17fe815f82..45f7dec8fa 100644
--- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
+++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
@@ -26,7 +26,7 @@ This article discusses the Company Portal app installation options, adding organ
## Before you begin
-The Company Portal app is included with Microsoft Endpoint Manager (MEM). Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices.
+The Company Portal app is included with Microsoft Endpoint Manager. Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices.
If you're not managing your devices using an MDM provider, the following resources may help you get started:
diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md
index edca458380..76d04a5dd1 100644
--- a/windows/client-management/administrative-tools-in-windows-10.md
+++ b/windows/client-management/administrative-tools-in-windows-10.md
@@ -2,8 +2,6 @@
title: Windows Tools/Administrative Tools
description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
manager: dougeby
diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md
index 59c8210b09..eba023fe12 100644
--- a/windows/client-management/advanced-troubleshooting-802-authentication.md
+++ b/windows/client-management/advanced-troubleshooting-802-authentication.md
@@ -2,10 +2,7 @@
title: Advanced Troubleshooting 802.1X Authentication
ms.reviewer:
description: Troubleshoot authentication flow by learning how 802.1X Authentication works for wired and wireless clients.
-keywords: advanced troubleshooting, 802.1X authentication, troubleshooting, authentication, Wi-Fi
ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
manager: dougeby
diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md
index dd92af8c4f..817cffb7c0 100644
--- a/windows/client-management/advanced-troubleshooting-boot-problems.md
+++ b/windows/client-management/advanced-troubleshooting-boot-problems.md
@@ -2,11 +2,11 @@
title: Advanced troubleshooting for Windows boot problems
description: Learn to troubleshoot when Windows can't boot. This article includes advanced troubleshooting techniques intended for use by support agents and IT professionals.
ms.prod: w10
-ms.sitesec: library
-author: aczechowski
+ms.technology: windows
ms.localizationpriority: medium
+ms.date: 06/02/2022
+author: aczechowski
ms.author: aaroncz
-ms.date: 11/16/2018
ms.reviewer:
manager: dougeby
ms.topic: troubleshooting
@@ -15,16 +15,15 @@ ms.collection: highpri
# Advanced troubleshooting for Windows boot problems
-
Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues
+
Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues.
> [!NOTE]
-> This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415).
+> This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5).
## Summary
There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck:
-
| Phase | Boot Process | BIOS | UEFI |
|-----------|----------------------|------------------------------------|-----------------------------------|
| 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware |
@@ -32,31 +31,21 @@ There are several reasons why a Windows-based computer may have problems during
| 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi |
| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | |
-**1. PreBoot**
+1. **PreBoot**: The PC's firmware initiates a power-on self test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager.
-The PC’s firmware initiates a Power-On Self Test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager.
+2. **Windows Boot Manager**: Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition.
-**2. Windows Boot Manager**
+3. **Windows operating system loader**: Essential drivers required to start the Windows kernel are loaded and the kernel starts to run.
-Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition.
+4. **Windows NT OS Kernel**: The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START.
-**3. Windows operating system loader**
-
-Essential drivers required to start the Windows kernel are loaded and the kernel starts to run.
-
-**4. Windows NT OS Kernel**
-
-The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START.
-
-The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START.
-
-Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before starting troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
-
-
-[Click to enlarge](img-boot-sequence.md)
+ The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START.
+
+Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before you start troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement. Select the thumbnail to view it larger.
+:::image type="content" source="images/boot-sequence-thumb.png" alt-text="Diagram of the boot sequence flowchart." lightbox="images/boot-sequence.png":::
Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases.
@@ -69,7 +58,6 @@ Each phase has a different approach to troubleshooting. This article provides tr
>
> `Bcdedit /set {default} bootmenupolicy legacy`
-
## BIOS phase
To determine whether the system has passed the BIOS phase, follow these steps:
@@ -86,26 +74,25 @@ To determine whether the system has passed the BIOS phase, follow these steps:
If the screen is black except for a blinking cursor, or if you receive one of the following error codes, this status indicates that the boot process is stuck in the Boot Loader phase:
-- Boot Configuration Data (BCD) missing or corrupted
-- Boot file or MBR corrupted
-- Operating system Missing
-- Boot sector missing or corrupted
-- Bootmgr missing or corrupted
-- Unable to boot due to system hive missing or corrupted
-
-To troubleshoot this problem, use Windows installation media to start the computer, press Shift+F10 for a command prompt, and then use any of the following methods.
+- Boot Configuration Data (BCD) missing or corrupted
+- Boot file or MBR corrupted
+- Operating system Missing
+- Boot sector missing or corrupted
+- Bootmgr missing or corrupted
+- Unable to boot due to system hive missing or corrupted
+To troubleshoot this problem, use Windows installation media to start the computer, press **Shift** + **F10** for a command prompt, and then use any of the following methods.
### Method 1: Startup Repair tool
The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically.
-To do this task of invoking the Startup Repair tool, follow these steps.
+To do this task of invoking the Startup Repair tool, follow these steps.
> [!NOTE]
-> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre).
+> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#entry-points-into-winre).
-1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/help/15088).
+1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/windows/create-installation-media-for-windows-99a58364-8c02-206f-aa6f-40c3b507420d).
2. On the **Install Windows** screen, select **Next** > **Repair your computer**.
@@ -117,28 +104,26 @@ To do this task of invoking the Startup Repair tool, follow these steps.
The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location:
-**%windir%\System32\LogFiles\Srt\Srttrail.txt**
-
-
-For more information, see [A Stop error occurs, or the computer stops responding when you try to start Windows Vista or Windows 7](https://support.microsoft.com/help/925810/a-stop-error-occurs-or-the-computer-stops-responding-when-you-try-to-s)
+`%windir%\System32\LogFiles\Srt\Srttrail.txt`
+For more information, see [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad).
### Method 2: Repair Boot Codes
To repair boot codes, run the following command:
-```console
+```command
BOOTREC /FIXMBR
```
To repair the boot sector, run the following command:
-```console
+```command
BOOTREC /FIXBOOT
```
> [!NOTE]
-> Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem.
+> Running `BOOTREC` together with `Fixmbr` overwrites only the master boot code. If the corruption in the MBR affects the partition table, running `Fixmbr` may not fix the problem.
### Method 3: Fix BCD errors
@@ -146,15 +131,15 @@ If you receive BCD-related errors, follow these steps:
1. Scan for all the systems that are installed. To do this step, run the following command:
- ```console
+ ```command
Bootrec /ScanOS
```
2. Restart the computer to check whether the problem is fixed.
3. If the problem isn't fixed, run the following commands:
-
- ```console
+
+ ```command
bcdedit /export c:\bcdbackup
attrib c:\boot\bcd -r -s -h
@@ -172,128 +157,116 @@ If methods 1, 2 and 3 don't fix the problem, replace the Bootmgr file from drive
1. At a command prompt, change the directory to the System Reserved partition.
-2. Run the **attrib** command to unhide the file:
+2. Run the `attrib` command to unhide the file:
- ```console
+ ```command
attrib -r -s -h
```
3. Navigate to the system drive and run the same command:
- ```console
+ ```command
attrib -r -s -h
```
-4. Rename the Bootmgr file as Bootmgr.old:
+4. Rename the `bootmgr` file as `bootmgr.old`:
- ```console
+ ```command
ren c:\bootmgr bootmgr.old
```
5. Navigate to the system drive.
-6. Copy the Bootmgr file, and then paste it to the System Reserved partition.
+6. Copy the `bootmgr` file, and then paste it to the System Reserved partition.
7. Restart the computer.
-### Method 5: Restore System Hive
+### Method 5: Restore system hive
-If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step,, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the C:\Windows\System32\config\RegBack to C:\Windows\System32\config.
+If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step, use the Windows Recovery Environment or use the Emergency Repair Disk (ERD) to copy the files from the `C:\Windows\System32\config\RegBack` directory to `C:\Windows\System32\config`.
If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
> [!NOTE]
-> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder)
+> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
## Kernel Phase
If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These error messages include, but aren't limited to, the following examples:
-- A Stop error appears after the splash screen (Windows Logo screen).
+- A Stop error appears after the splash screen (Windows Logo screen).
-- Specific error code is displayed.
+- Specific error code is displayed. For example, `0x00000C2` , `0x0000007B` , or `inaccessible boot device`.
+ - [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
+ - [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
- For example, "0x00000C2" , "0x0000007B" , "inaccessible boot device" and so on.
- - [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
- - [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
+- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
-- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
-
-- A black screen appears after the splash screen.
+- A black screen appears after the splash screen.
To troubleshoot these problems, try the following recovery boot options one at a time.
-**Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration**
+### Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration
On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps:
-1. Use one of the following methods to open Event Viewer:
+1. Use one of the following methods to open Event Viewer:
- - Click **Start**, point to **Administrative Tools**, and then click
- **Event Viewer**.
+ - Go to the **Start** menu, select **Administrative Tools**, and then select **Event Viewer**.
- - Start the Event Viewer snap-in in Microsoft Management Console (MMC).
+ - Start the Event Viewer snap-in in Microsoft Management Console (MMC).
-2. In the console tree, expand Event Viewer, and then click the log that you
- want to view. For example, click **System log** or **Application log**.
+2. In the console tree, expand Event Viewer, and then select the log that you want to view. For example, choose **System log** or **Application log**.
-3. In the details pane, double-click the event that you want to view.
+3. In the details pane, open the event that you want to view.
-4. On the **Edit** menu, click **Copy**, open a new document in the program in
- which you want to paste the event (for example, Microsoft Word), and then
- click **Paste**.
-
-5. Use the Up Arrow or Down Arrow key to view the description of the previous
- or next event.
+4. On the **Edit** menu, select **Copy**. Open a new document in the program in which you want to paste the event. For example, Microsoft Word. Then select **Paste**.
+5. Use the up arrow or down arrow key to view the description of the previous or next event.
### Clean boot
-To troubleshoot problems that affect services, do a clean boot by using System Configuration (msconfig).
+To troubleshoot problems that affect services, do a clean boot by using System Configuration (`msconfig`).
Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you can't find the cause, try including system services. However, in most cases, the problematic service is third-party.
Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**.
-For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135/how-to-perform-a-clean-boot-in-windows).
+For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd).
If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement:
-[Troubleshooting boot problem caused by missing driver signature (x64)](/archive/blogs/askcore/troubleshooting-boot-issues-due-to-missing-driver-signature-x64)
+[Troubleshooting boot problem caused by missing driver signature (x64)](/archive/blogs/askcore/troubleshooting-boot-issues-due-to-missing-driver-signature-x64)
> [!NOTE]
> If the computer is a domain controller, try Directory Services Restore mode (DSRM).
>
> This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
-
-**Examples**
+#### Examples
> [!WARNING]
-> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these
-problems can be solved. Modify the registry at your own risk.
+> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft can't guarantee that these problems can be solved. Modify the registry at your own risk.
*Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)*
To troubleshoot this Stop error, follow these steps to filter the drivers:
-1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version.
+1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version.
-2. Open the registry.
+2. Open the registry.
-3. Load the system hive, and name it as "test."
+3. Load the system hive, and name it **test**.
-4. Under the following registry subkey, check for lower filter and upper filter items for Non-Microsoft Drivers:
-
- **HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class**
-
-5. For each third-party driver that you locate, click the upper or lower filter, and then delete the value data.
+4. Under the following registry subkey, check for lower filter and upper filter items for non-Microsoft drivers:
-6. Search through the whole registry for similar items. Process as an appropriate, and then unload the registry hive.
+ `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class`
-7. Restart the server in Normal mode.
+5. For each third-party driver that you locate, select the upper or lower filter, and then delete the value data.
-For more troubleshooting steps, see the following articles:
+6. Search through the whole registry for similar items. Process as appropriate, and then unload the registry hive.
-- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
+7. Restart the server in Normal mode.
+
+For more troubleshooting steps, see [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md).
To fix problems that occur after you install Windows updates, check for pending updates by using these steps:
@@ -301,16 +274,15 @@ To fix problems that occur after you install Windows updates, check for pending
2. Run the command:
- ```console
+ ```command
DISM /image:C:\ /get-packages
```
3. If there are any pending updates, uninstall them by running the following commands:
- ```console
+ ```command
DISM /image:C:\ /remove-package /packagename: name of the package
- ```
- ```console
+
DISM /Image:C:\ /Cleanup-Image /RevertPendingActions
```
@@ -318,72 +290,67 @@ To fix problems that occur after you install Windows updates, check for pending
If the computer doesn't start, follow these steps:
-1. Open A Command Prompt window in WinRE, and start a text editor, such as Notepad.
+1. Open a command prompt window in WinRE, and start a text editor, such as Notepad.
-2. Navigate to the system drive, and search for windows\winsxs\pending.xml.
+2. Navigate to the system drive, and search for `windows\winsxs\pending.xml`.
-3. If the Pending.xml file is found, rename the file as Pending.xml.old.
+3. If the pending.xml file is found, rename the file as `pending.xml.old`.
-4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as a test.
+4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as test.
-5. Highlight the loaded test hive, and then search for the **pendingxmlidentifier** value.
+5. Highlight the loaded test hive, and then search for the `pendingxmlidentifier` value.
-6. If the **pendingxmlidentifier** value exists, delete the value.
+6. If the `pendingxmlidentifier` value exists, delete it.
-7. Unload the test hive.
+7. Unload the test hive.
-8. Load the system hive, name it as "test".
+8. Load the system hive, name it **test**.
-9. Navigate to the following subkey:
-
- **HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\TrustedInstaller**
-
-10. Change the **Start** value from **1** to **4**
+9. Navigate to the following subkey:
+
+ `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller`
+
+10. Change the **Start** value from `1` to `4`.
11. Unload the hive.
12. Try to start the computer.
-If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For details, see the following articles:
+If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For more information, see [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md).
-- [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md)
+For more information about page file problems in Windows 10 or Windows Server 2016, see [Introduction to page files](./introduction-page-file.md).
-For more information about page file problems in Windows 10 or Windows Server 2016, see the following article:
-- [Introduction to page files](./introduction-page-file.md)
+For more information about Stop errors, see [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md).
-For more information about Stop errors, see the following Knowledge Base article:
-- [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md)
+Sometimes the dump file shows an error that's related to a driver. For example, `windows\system32\drivers\stcvsm.sys` is missing or corrupted. In this instance, follow these guidelines:
-
-If the dump file shows an error that is related to a driver (for example, windows\system32\drivers\stcvsm.sys is missing or corrupted), follow these guidelines:
-
-- Check the functionality that is provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does.
+- Check the functionality that's provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does.
- If the driver isn't important and has no dependencies, load the system hive, and then disable the driver.
- If the stop error indicates system file corruption, run the system file checker in offline mode.
- - To do this, open WinRE, open a command prompt, and then run the following command:
+ - To do this action, open WinRE, open a command prompt, and then run the following command:
- ```console
- SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows
- ```
+ ```command
+ SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows
+ ```
- For more information, see [Using System File Checker (SFC) To Fix Issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues)
+ For more information, see [Using system file checker (SFC) to fix issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues).
- - If there's disk corruption, run the check disk command:
+ - If there's disk corruption, run the check disk command:
- ```console
- chkdsk /f /r
- ```
+ ```command
+ chkdsk /f /r
+ ```
- - If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps:
+- If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps:
- 1. Start WinRE, and open a Command Prompt window.
- 2. Start a text editor, such as Notepad.
- 3. Navigate to C:\Windows\System32\Config\.
- 4. Rename the all five hives by appending ".old" to the name.
- 5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode.
+ 1. Start WinRE, and open a command prompt window.
+ 2. Start a text editor, such as Notepad.
+ 3. Navigate to `C:\Windows\System32\Config\`.
+ 4. Rename the all five hives by appending `.old` to the name.
+ 5. Copy all the hives from the `Regback` folder, paste them in the `Config` folder, and then try to start the computer in Normal mode.
> [!NOTE]
-> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
+> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
index 8ab2aede4e..35484e641a 100644
--- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
+++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
@@ -3,10 +3,7 @@ title: Advanced Troubleshooting Wireless Network Connectivity
ms.reviewer:
manager: dougeby
description: Learn how to troubleshoot Wi-Fi connections. Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine.
-keywords: troubleshooting, wireless network connectivity, wireless, Wi-Fi
ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index cf0c18ee1d..ea9fe24821 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -1,11 +1,7 @@
---
title: Connect to remote Azure Active Directory-joined PC (Windows)
description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC.
-keywords: ["MDM", "device management", "RDP", "AADJ"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: devices
author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
@@ -66,7 +62,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
- Adding users using policy
- Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
+ Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD-joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
> [!TIP]
> When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com.
diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md
index 8717d386a2..686860ae52 100644
--- a/windows/client-management/data-collection-for-802-authentication.md
+++ b/windows/client-management/data-collection-for-802-authentication.md
@@ -3,10 +3,7 @@ title: Data collection for troubleshooting 802.1X authentication
ms.reviewer:
manager: dansimp
description: Use the steps in this article to collect data that can be used to troubleshoot 802.1X authentication issues.
-keywords: troubleshooting, data collection, data, 802.1X authentication, authentication, data
ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md
index 6c0e959124..54cd623df2 100644
--- a/windows/client-management/determine-appropriate-page-file-size.md
+++ b/windows/client-management/determine-appropriate-page-file-size.md
@@ -2,7 +2,6 @@
title: How to determine the appropriate page file size for 64-bit versions of Windows
description: Learn how to determine the appropriate page file size for 64-bit versions of Windows.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md
index b3c3a0f026..e631ae9d84 100644
--- a/windows/client-management/generate-kernel-or-complete-crash-dump.md
+++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md
@@ -2,7 +2,6 @@
title: Generate a kernel or complete crash dump
description: Learn how to generate a kernel or complete crash dump, and then use the output to troubleshoot several issues.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
index 3d50f1d30a..dfb3d72af7 100644
--- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md
+++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
@@ -2,8 +2,6 @@
title: Group Policy settings that apply only to Windows 10 Enterprise and Education Editions (Windows 10)
description: Use this topic to learn about Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: dansimp
ms.localizationpriority: medium
ms.date: 09/14/2021
diff --git a/windows/client-management/img-boot-sequence.md b/windows/client-management/img-boot-sequence.md
deleted file mode 100644
index 6ce343dade..0000000000
--- a/windows/client-management/img-boot-sequence.md
+++ /dev/null
@@ -1,17 +0,0 @@
----
-title: Boot sequence flowchart
-description: View a full-sized view of the boot sequence flowchart. Use the link to return to the Advanced troubleshooting for Windows boot problems article.
-ms.date: 11/16/2018
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-author: dansimp
-ms.topic: article
-ms.prod: w10
----
-
-# Boot sequence flowchart
-
-Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
-
-
diff --git a/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md b/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
index 9b1d7821f3..57b5523dd9 100644
--- a/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
+++ b/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md b/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md
index 116864a49f..031d179b36 100644
--- a/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md
+++ b/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-adobe-flash-shortdesc.md b/windows/client-management/includes/allow-adobe-flash-shortdesc.md
index dca6cf6233..45365c58bd 100644
--- a/windows/client-management/includes/allow-adobe-flash-shortdesc.md
+++ b/windows/client-management/includes/allow-adobe-flash-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md b/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md
index af3d4fefef..82ccb5f2ed 100644
--- a/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md
+++ b/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md b/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md
index 40a927c882..f8b89a8e2e 100644
--- a/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md
+++ b/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-cortana-shortdesc.md b/windows/client-management/includes/allow-cortana-shortdesc.md
index fbfa0f13b0..234b73f7d2 100644
--- a/windows/client-management/includes/allow-cortana-shortdesc.md
+++ b/windows/client-management/includes/allow-cortana-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-developer-tools-shortdesc.md b/windows/client-management/includes/allow-developer-tools-shortdesc.md
index 9d134d4a38..41176ffb3b 100644
--- a/windows/client-management/includes/allow-developer-tools-shortdesc.md
+++ b/windows/client-management/includes/allow-developer-tools-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md b/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
index 6fa1849707..3c9d3f6b42 100644
--- a/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
+++ b/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-extensions-shortdesc.md b/windows/client-management/includes/allow-extensions-shortdesc.md
index ca5e422178..8276b06760 100644
--- a/windows/client-management/includes/allow-extensions-shortdesc.md
+++ b/windows/client-management/includes/allow-extensions-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
diff --git a/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md b/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
index 06b4e1eb02..8c616dedff 100644
--- a/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
+++ b/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md b/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md
index 4e15608ff7..1340e13406 100644
--- a/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md
+++ b/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.
diff --git a/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md b/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md
index 46d2b5f57e..35a86bfd85 100644
--- a/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md
+++ b/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.
diff --git a/windows/client-management/includes/allow-prelaunch-shortdesc.md b/windows/client-management/includes/allow-prelaunch-shortdesc.md
index fcaf11e3ef..a8437f2035 100644
--- a/windows/client-management/includes/allow-prelaunch-shortdesc.md
+++ b/windows/client-management/includes/allow-prelaunch-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.
diff --git a/windows/client-management/includes/allow-printing-shortdesc.md b/windows/client-management/includes/allow-printing-shortdesc.md
index f03766176c..288599efdd 100644
--- a/windows/client-management/includes/allow-printing-shortdesc.md
+++ b/windows/client-management/includes/allow-printing-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.
diff --git a/windows/client-management/includes/allow-saving-history-shortdesc.md b/windows/client-management/includes/allow-saving-history-shortdesc.md
index 822a8f9b81..8f5084cda1 100644
--- a/windows/client-management/includes/allow-saving-history-shortdesc.md
+++ b/windows/client-management/includes/allow-saving-history-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
index 1ecba430cb..d7acad8b8d 100644
--- a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
+++ b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md b/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
index 985741be58..5774f8089e 100644
--- a/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
+++ b/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-tab-preloading-shortdesc.md b/windows/client-management/includes/allow-tab-preloading-shortdesc.md
index 783d8517ed..5008070f5b 100644
--- a/windows/client-management/includes/allow-tab-preloading-shortdesc.md
+++ b/windows/client-management/includes/allow-tab-preloading-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign-in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
diff --git a/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md b/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md
index eb2a40f269..5d9a75ed5a 100644
--- a/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md
+++ b/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 11/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 11/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.
diff --git a/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md b/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md
index 51e769d22c..2c63762356 100644
--- a/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md
+++ b/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.
diff --git a/windows/client-management/includes/always-show-books-library-shortdesc.md b/windows/client-management/includes/always-show-books-library-shortdesc.md
index 264f64a898..a9e0bdb003 100644
--- a/windows/client-management/includes/always-show-books-library-shortdesc.md
+++ b/windows/client-management/includes/always-show-books-library-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
diff --git a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
index cd9e9d9751..2560751600 100644
--- a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
+++ b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md b/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md
index 0f73c32d5f..d409c6374c 100644
--- a/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md
+++ b/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
diff --git a/windows/client-management/includes/configure-autofill-shortdesc.md b/windows/client-management/includes/configure-autofill-shortdesc.md
index 94441080d8..74af7970c6 100644
--- a/windows/client-management/includes/configure-autofill-shortdesc.md
+++ b/windows/client-management/includes/configure-autofill-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
diff --git a/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md b/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
index 90eddc5182..935810a840 100644
--- a/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
+++ b/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-cookies-shortdesc.md b/windows/client-management/includes/configure-cookies-shortdesc.md
index 93152d2e3d..eeb223000b 100644
--- a/windows/client-management/includes/configure-cookies-shortdesc.md
+++ b/windows/client-management/includes/configure-cookies-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.
diff --git a/windows/client-management/includes/configure-do-not-track-shortdesc.md b/windows/client-management/includes/configure-do-not-track-shortdesc.md
index c5253680b3..d69135a7e9 100644
--- a/windows/client-management/includes/configure-do-not-track-shortdesc.md
+++ b/windows/client-management/includes/configure-do-not-track-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md b/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md
index d13febee60..f98aa94435 100644
--- a/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md
+++ b/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.
diff --git a/windows/client-management/includes/configure-favorites-bar-shortdesc.md b/windows/client-management/includes/configure-favorites-bar-shortdesc.md
index 8f16c20242..661818a582 100644
--- a/windows/client-management/includes/configure-favorites-bar-shortdesc.md
+++ b/windows/client-management/includes/configure-favorites-bar-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.
diff --git a/windows/client-management/includes/configure-favorites-shortdesc.md b/windows/client-management/includes/configure-favorites-shortdesc.md
index 9317df97f3..34e0cded8f 100644
--- a/windows/client-management/includes/configure-favorites-shortdesc.md
+++ b/windows/client-management/includes/configure-favorites-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
diff --git a/windows/client-management/includes/configure-home-button-shortdesc.md b/windows/client-management/includes/configure-home-button-shortdesc.md
index c02a0dcee9..17d1b68784 100644
--- a/windows/client-management/includes/configure-home-button-shortdesc.md
+++ b/windows/client-management/includes/configure-home-button-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
diff --git a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
index 8397ff7c18..b16c3d18e4 100644
--- a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
+++ b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md b/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md
index 3a7657e544..767c933e7c 100644
--- a/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md
+++ b/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
diff --git a/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md b/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
index 97d9c264c0..26dc5e0d88 100644
--- a/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
+++ b/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-password-manager-shortdesc.md b/windows/client-management/includes/configure-password-manager-shortdesc.md
index 0d3bd9b655..f0b41c5b0f 100644
--- a/windows/client-management/includes/configure-password-manager-shortdesc.md
+++ b/windows/client-management/includes/configure-password-manager-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.
diff --git a/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md b/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md
index d15347179d..a34c788e1e 100644
--- a/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md
+++ b/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md
@@ -1,12 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy.
-
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy.
+
diff --git a/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md b/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md
index 2bdf42c6d3..71b3e06d0d 100644
--- a/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md
+++ b/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.
diff --git a/windows/client-management/includes/configure-start-pages-shortdesc.md b/windows/client-management/includes/configure-start-pages-shortdesc.md
index e8c18a3d8b..76e4a07003 100644
--- a/windows/client-management/includes/configure-start-pages-shortdesc.md
+++ b/windows/client-management/includes/configure-start-pages-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md b/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
index 8eeb1e44a5..1682bc2ca2 100644
--- a/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
+++ b/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md b/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
index 37156ee3a7..12bcdd34b8 100644
--- a/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
+++ b/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md b/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md
index f0cb07d514..b269a7f3e3 100644
--- a/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md
+++ b/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.
diff --git a/windows/client-management/includes/do-not-sync-shortdesc.md b/windows/client-management/includes/do-not-sync-shortdesc.md
index f61cc11548..2fe09c0260 100644
--- a/windows/client-management/includes/do-not-sync-shortdesc.md
+++ b/windows/client-management/includes/do-not-sync-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
diff --git a/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md b/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
index 3bd062d263..0b377e56b6 100644
--- a/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
+++ b/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.
diff --git a/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md b/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md
index 05fce92a47..2b26624e8c 100644
--- a/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md
+++ b/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 04/23/2020
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md b/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
index f4acce9ce0..d5f609cfa6 100644
--- a/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
+++ b/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
index 3676adbc89..f6b222fde2 100644
--- a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
+++ b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).
diff --git a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
index 05bae5dac6..d04429bef8 100644
--- a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
+++ b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.
diff --git a/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md b/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md
index 675180c666..c73e676517 100644
--- a/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md
+++ b/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
diff --git a/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md b/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md
index 33db87a522..b635ee64e8 100644
--- a/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md
+++ b/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
diff --git a/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md b/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md
index 30d9a48e8d..bba9ec1ad5 100644
--- a/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md
+++ b/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.
diff --git a/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md b/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md
index 9ed6170971..c156c94126 100644
--- a/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md
+++ b/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
diff --git a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
index b7331dd725..4209d79579 100644
--- a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
+++ b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md b/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md
index e624de62e6..037c535aa8 100644
--- a/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md
+++ b/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
diff --git a/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md b/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
index b7b66d315b..fe0bc3c307 100644
--- a/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
+++ b/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/provision-favorites-shortdesc.md b/windows/client-management/includes/provision-favorites-shortdesc.md
index 2ddbc5c6d7..6f47ca66c4 100644
--- a/windows/client-management/includes/provision-favorites-shortdesc.md
+++ b/windows/client-management/includes/provision-favorites-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/search-provider-discovery-shortdesc.md b/windows/client-management/includes/search-provider-discovery-shortdesc.md
index 8f54c4b93a..8524933996 100644
--- a/windows/client-management/includes/search-provider-discovery-shortdesc.md
+++ b/windows/client-management/includes/search-provider-discovery-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
diff --git a/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md b/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md
index 787f96dd9b..3b17cd7e5f 100644
--- a/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md
+++ b/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.
diff --git a/windows/client-management/includes/set-default-search-engine-shortdesc.md b/windows/client-management/includes/set-default-search-engine-shortdesc.md
index 39b408d1b4..958dd67138 100644
--- a/windows/client-management/includes/set-default-search-engine-shortdesc.md
+++ b/windows/client-management/includes/set-default-search-engine-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.
diff --git a/windows/client-management/includes/set-home-button-url-shortdesc.md b/windows/client-management/includes/set-home-button-url-shortdesc.md
index 863cfdf84a..67e62738a6 100644
--- a/windows/client-management/includes/set-home-button-url-shortdesc.md
+++ b/windows/client-management/includes/set-home-button-url-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
diff --git a/windows/client-management/includes/set-new-tab-url-shortdesc.md b/windows/client-management/includes/set-new-tab-url-shortdesc.md
index 5062d322e4..a909cbbdc7 100644
--- a/windows/client-management/includes/set-new-tab-url-shortdesc.md
+++ b/windows/client-management/includes/set-new-tab-url-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.
diff --git a/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md b/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md
index 1dc59094fd..5fda91f3db 100644
--- a/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md
+++ b/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md
@@ -1,10 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
diff --git a/windows/client-management/includes/unlock-home-button-shortdesc.md b/windows/client-management/includes/unlock-home-button-shortdesc.md
index 0dd37009b6..722998c5bf 100644
--- a/windows/client-management/includes/unlock-home-button-shortdesc.md
+++ b/windows/client-management/includes/unlock-home-button-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies.
diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md
index be5ce9c487..af10628683 100644
--- a/windows/client-management/introduction-page-file.md
+++ b/windows/client-management/introduction-page-file.md
@@ -2,7 +2,6 @@
title: Introduction to the page file
description: Learn about the page files in Windows. A page file is an optional, hidden system file on a hard disk.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md
index 100a615574..36da3dfcc9 100644
--- a/windows/client-management/manage-corporate-devices.md
+++ b/windows/client-management/manage-corporate-devices.md
@@ -1,15 +1,11 @@
---
title: Manage corporate devices
description: You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones.
-ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D
ms.reviewer:
manager: dansimp
ms.author: dansimp
keywords: ["MDM", "device management"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: devices
author: dansimp
ms.localizationpriority: medium
ms.date: 09/14/2021
@@ -49,11 +45,5 @@ You can use the same management tools to manage all device types running Windows
[Windows 10 (and Windows 11) and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
-Microsoft Virtual Academy course: [System Center 2012 R2 Configuration Manager & Windows Intune](/learn/)
-
-
-
-
-
-
+Microsoft Virtual Academy course: [Configuration Manager & Windows Intune](/learn/)
\ No newline at end of file
diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md
index 29a9358bf0..79544bf12c 100644
--- a/windows/client-management/manage-device-installation-with-group-policy.md
+++ b/windows/client-management/manage-device-installation-with-group-policy.md
@@ -2,8 +2,6 @@
title: Manage Device Installation with Group Policy (Windows 10 and Windows 11)
description: Find out how to manage Device Installation Restrictions with Group Policy.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.date: 09/14/2021
ms.reviewer:
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index 56a3adc040..4914694065 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -2,8 +2,6 @@
title: Manage the Settings app with Group Policy (Windows 10 and Windows 11)
description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: dansimp
ms.date: 09/14/2021
ms.reviewer:
diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
index cc38c493dd..0f27f3d1d1 100644
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@@ -1,140 +1,136 @@
---
title: Manage Windows 10 in your organization - transitioning to modern management
-description: This topic offers strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment.
-keywords: ["MDM", "device management", "group policy", "Azure Active Directory"]
+description: This article offers strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: devices
-author: dansimp
ms.localizationpriority: medium
-ms.date: 04/26/2018
+ms.date: 06/03/2022
+author: aczechowski
+ms.author: aaroncz
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
+manager: dougeby
+ms.topic: overview
---
# Manage Windows 10 in your organization - transitioning to modern management
Use of personal devices for work, and employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows 10 offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows 10 devices gradually, following the normal upgrade schedules used in your organization.
-Your organization might have considered bringing in Windows 10 devices and downgrading them to Windows 7 until everything is in place for a formal upgrade process. While this downgrade may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it’s easy for versions to coexist.
+Your organization might have considered bringing in Windows 10 devices and downgrading them to an earlier version of Windows until everything is in place for a formal upgrade process. While this downgrade may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it's easy for versions to coexist.
-Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Endpoint Configuration Manager, Microsoft Intune, or other third-party products. This “managed diversity” enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster.
+Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Endpoint Configuration Manager, Microsoft Intune, or other third-party products. This "managed diversity" enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster.
This six-minute video demonstrates how users can bring in a new retail device and be up and working with their personalized settings and a managed experience in a few minutes, without being on the corporate network. It also demonstrates how IT can apply policies and configurations to ensure device compliance.
> [!VIDEO https://www.youtube.com/embed/g1rIcBhhxpA]
- >[!NOTE]
- >The video demonstrates the configuration process using the classic Azure portal, which is retired. Customers should use the new Azure portal. [Learn how use the new Azure portal to perform tasks that you used to do in the classic Azure portal.](/information-protection/deploy-use/migrate-portal)
+> [!NOTE]
+> The video demonstrates the configuration process using the classic Azure portal, which is retired. Customers should use the new Azure portal. [Learn how use the new Azure portal to perform tasks that you used to do in the classic Azure portal.](/information-protection/deploy-use/migrate-portal)
-This topic offers guidance on strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. The topic covers [management options](#reviewing-the-management-options-with-windows-10) plus the four stages of the device lifecycle:
+This article offers guidance on strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. It covers [management options](#reviewing-the-management-options-with-windows-10) plus the four stages of the device lifecycle:
-- [Deployment and Provisioning](#deployment-and-provisioning)
+- [Deployment and Provisioning](#deployment-and-provisioning)
-- [Identity and Authentication](#identity-and-authentication)
+- [Identity and Authentication](#identity-and-authentication)
-- [Configuration](#settings-and-configuration)
+- [Configuration](#settings-and-configuration)
-- [Updating and Servicing](#updating-and-servicing)
+- [Updating and Servicing](#updating-and-servicing)
## Reviewing the management options with Windows 10
Windows 10 offers a range of management options, as shown in the following diagram:
-
+:::image type="content" source="images/windows-10-management-range-of-options.png" alt-text="Diagram of the path to modern IT." lightbox="images/windows-10-management-range-of-options.png":::
-As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like Group Policy, Active Directory, and Microsoft Configuration Manager. It also delivers a “mobile-first, cloud-first” approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business.
+As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like group Policy, Active Directory, and Configuration Manager. It also delivers a "mobile-first, cloud-first" approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business.
-## Deployment and Provisioning
+## Deployment and provisioning
-With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully configured, fully managed devices, you can:
+With Windows 10, you can continue to use traditional OS deployment, but you can also "manage out of the box." To transform new devices into fully configured, fully managed devices, you can:
+- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management service such as [Windows Autopilot](/mem/autopilot/windows-autopilot) or [Microsoft Intune](/mem/intune/fundamentals/).
-- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](/mem/intune/fundamentals/).
+- Create self-contained provisioning packages built with the Windows Configuration Designer. For more information, see [Provisioning packages for Windows](/windows/configuration/provisioning-packages/provisioning-packages).
-- Create self-contained provisioning packages built with the [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-packages).
+- Use traditional imaging techniques such as deploying custom images using [Configuration Manager](/mem/configmgr/core/understand/introduction).
-- Use traditional imaging techniques such as deploying custom images using [Microsoft Endpoint Configuration Manager](/configmgr/core/understand/introduction).
+You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive - everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today.
-You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 7 or Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive – everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today with Windows 7.
+## Identity and authentication
-## Identity and Authentication
-
-You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **“bring your own device” (BYOD)** or to **“choose your own device” (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them.
+You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **"bring your own device" (BYOD)** or to **"choose your own device" (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them.
You can envision user and device management as falling into these two categories:
-- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
+- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
- - For corporate devices, they can set up corporate access with [Azure AD Join](/azure/active-directory/devices/overview). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud. Azure AD Join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
+ - For corporate devices, they can set up corporate access with [Azure AD join](/azure/active-directory/devices/overview). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud.
- - Likewise, for personal devices, employees can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device.
+ Azure AD join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
-- **Domain joined PCs and tablets used for traditional applications and access to important resources.** These applications and resources may be traditional ones that require authentication or accessing highly sensitive or classified resources on-premises.
- With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain that’s [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This registration provides:
+ - Likewise, for personal devices, employees can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device.
- - Single sign-on to cloud and on-premises resources from everywhere
+- **Domain joined PCs and tablets used for traditional applications and access to important resources.** These applications and resources may be traditional ones that require authentication or accessing highly sensitive or classified resources on-premises.
- - [Enterprise roaming of settings](/azure/active-directory/devices/enterprise-state-roaming-overview)
+ With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain that's [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This registration provides:
- - [Conditional access](/azure/active-directory/conditional-access/overview) to corporate resources based on the health or configuration of the device
+ - Single sign-on to cloud and on-premises resources from everywhere
- - [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification)
+ - [Enterprise roaming of settings](/azure/active-directory/devices/enterprise-state-roaming-enable)
- - Windows Hello
+ - [Conditional access](/azure/active-directory/conditional-access/overview) to corporate resources based on the health or configuration of the device
- Domain joined PCs and tablets can continue to be managed with the [Configuration Manager](/configmgr/core/understand/introduction) client or Group Policy.
+ - [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification)
+
+ - Windows Hello
+
+ Domain joined PCs and tablets can continue to be managed with the [Configuration Manager](/mem/configmgr/core/understand/introduction) client or group policy.
For more information about how Windows 10 and Azure AD optimize access to work resources across a mix of devices and scenarios, see [Using Windows 10 devices in your workplace](/azure/active-directory/devices/overview).
As you review the roles in your organization, you can use the following generalized decision tree to begin to identify users or devices that require domain join. Consider switching the remaining users to Azure AD.
-
+:::image type="content" source="images/windows-10-management-cyod-byod-flow.png" alt-text="Diagram of decision tree for device authentication options." lightbox="images/windows-10-management-cyod-byod-flow.png":::
-## Settings and Configuration
+## Settings and configuration
-Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.
+Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.
-**MDM**: [MDM](https://www.microsoft.com/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This provision makes MDM the best choice for devices that are constantly on the go.
+**MDM**: MDM gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, group policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using group policy that requires on-premises domain-joined devices. This provision makes MDM the best choice for devices that are constantly on the go.
-**Group Policy** and **Microsoft Endpoint Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer’s 1,500 configurable Group Policy settings. If so, Group Policy and Configuration Manager continue to be excellent management choices:
+**Group policy** and **Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer's 1,500 configurable group policy settings. If so, group policy and Configuration Manager continue to be excellent management choices:
-- Group Policy is the best way to granularly configure domain joined Windows PCs and tablets connected to the corporate network using Windows-based tools. Microsoft continues to add Group Policy settings with each new version of Windows.
+- Group policy is the best way to granularly configure domain joined Windows PCs and tablets connected to the corporate network using Windows-based tools. Microsoft continues to add group policy settings with each new version of Windows.
-- Configuration Manager remains the recommended solution for granular configuration with robust software deployment, Windows updates, and OS deployment.
+- Configuration Manager remains the recommended solution for granular configuration with robust software deployment, Windows updates, and OS deployment.
+## Updating and servicing
-## Updating and Servicing
+With Windows as a Service, your IT department no longer needs to perform complex imaging (wipe-and-load) processes with each new Windows release. Whether on current branch (CB) or current branch for business (CBB), devices receive the latest feature and quality updates through simple - often automatic - patching processes. For more information, see [Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios).
-With Windows as a Service, your IT department no longer needs to perform complex imaging (wipe-and-load) processes with each new Windows release. Whether on current branch (CB) or current branch for business (CBB), devices receive the latest feature and quality updates through simple – often automatic – patching processes. For more information, see [Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios).
-
-MDM with Intune provide tools for applying Windows updates to client computers in your organization. Configuration Manager allows rich management and tracking capabilities of these updates, including maintenance windows and automatic deployment rules.
+MDM with Intune provide tools for applying Windows updates to client computers in your organization. Configuration Manager allows rich management and tracking capabilities of these updates, including maintenance windows and automatic deployment rules.
## Next steps
There are various steps you can take to begin the process of modernizing device management in your organization:
-**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, re-evaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use the [MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat) to help determine which Group Policies are set for a target user/computer and cross-reference them against the list of available MDM policies.
+**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, reevaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use [Group policy analytics in Microsoft Endpoint Manager](/mem/intune/configuration/group-policy-analytics) to help determine which group policies supported by cloud-based MDM providers, including Microsoft Intune.
**Assess the different use cases and management needs in your environment.** Are there groups of devices that could benefit from lighter, simplified management? BYOD devices, for example, are natural candidates for cloud-based management. Users or devices handling more highly regulated data might require an on-premises Active Directory domain for authentication. Configuration Manager and EMS provide you the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs.
**Review the decision trees in this article.** With the different options in Windows 10, plus Configuration Manager and Enterprise Mobility + Security, you have the flexibility to handle imaging, authentication, settings, and management tools for any scenario.
-**Take incremental steps.** Moving towards modern device management doesn’t have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this “managed diversity,” users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. Starting with Windows 10, version 1803, the new policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) was added to allow MDM policies to take precedence over GP when both GP and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your GP environment. Here's the list of MDM policies with equivalent GP - [Policies supported by GP](./mdm/policy-configuration-service-provider.md)
+**Take incremental steps.** Moving towards modern device management doesn't have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this "managed diversity," users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. The CSP policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) allows MDM policies to take precedence over group policy when both group policy and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your group policy environment. For more information, including the list of MDM policies with equivalent group policies, see [Policies supported by group policy](./mdm/policy-configuration-service-provider.md).
+**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. For more information, see the following articles:
-**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Configuration Manager 1710 onward, co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. See these topics for details:
+- [Co-management for Windows devices](/mem/configmgr/comanage/overview)
+- [Prepare Windows devices for co-management](/mem/configmgr/comanage/how-to-prepare-Win10)
+- [Switch Configuration Manager workloads to Intune](/mem/configmgr/comanage/how-to-switch-workloads)
+- [Co-management dashboard in Configuration Manager](/mem/configmgr/comanage/how-to-monitor)
-- [Co-management for Windows 10 devices](/configmgr/core/clients/manage/co-management-overview)
-- [Prepare Windows 10 devices for co-management](/configmgr/core/clients/manage/co-management-prepare)
-- [Switch Configuration Manager workloads to Intune](/configmgr/core/clients/manage/co-management-switch-workloads)
-- [Co-management dashboard in Configuration Manager](/configmgr/core/clients/manage/co-management-dashboard)
+## Related articles
-## Related topics
-
-- [What is Intune?](/mem/intune/fundamentals/what-is-intune)
-- [Windows 10 Policy CSP](./mdm/policy-configuration-service-provider.md)
-- [Windows 10 Configuration service Providers](./mdm/configuration-service-provider-reference.md)
+- [What is Intune?](/mem/intune/fundamentals/what-is-intune)
+- [Windows 10 policy CSP](./mdm/policy-configuration-service-provider.md)
+- [Windows 10 configuration service providers](./mdm/configuration-service-provider-reference.md)
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index d45e85d719..18aaf583be 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -1,10 +1,7 @@
---
title: Create mandatory user profiles (Windows 10 and Windows 11)
description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users.
-keywords: [".man","ntuser"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.date: 09/14/2021
diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md
index 25a95f6c0b..6e1bc0d9c6 100644
--- a/windows/client-management/mdm/Language-pack-management-csp.md
+++ b/windows/client-management/mdm/Language-pack-management-csp.md
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|No|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|No|Yes|
|Education|No|Yes|
diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md
index 7be2cf47f8..b55a87941f 100644
--- a/windows/client-management/mdm/accountmanagement-csp.md
+++ b/windows/client-management/mdm/accountmanagement-csp.md
@@ -13,7 +13,6 @@ manager: dansimp
# AccountManagement CSP
-
AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803.
> [!NOTE]
@@ -41,7 +40,9 @@ Interior node.
**UserProfileManagement/EnableProfileManager**
Enable profile lifetime management for shared or communal device scenarios. Default value is false.
-Supported operations are Add, Get, Replace, and Delete. Value type is bool.
+Supported operations are Add, Get, Replace, and Delete.
+
+Value type is bool.
**UserProfileManagement/DeletionPolicy**
Configures when profiles will be deleted. Default value is 1.
@@ -52,19 +53,29 @@ Valid values:
- 1 - delete at storage capacity threshold
- 2 - delete at both storage capacity threshold and profile inactivity threshold
-Supported operations are Add, Get, Replace, and Delete. Value type is integer.
+Supported operations are Add, Get, Replace, and Delete.
+
+Value type is integer.
**UserProfileManagement/StorageCapacityStartDeletion**
Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. Default value is 25.
-Supported operations are Add, Get, Replace, and Delete. Value type is integer.
+Supported operations are Add, Get, Replace, and Delete.
+
+Value type is integer.
**UserProfileManagement/StorageCapacityStopDeletion**
Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. Default value is 50.
-Supported operations are Add, Get, Replace, and Delete. Value type is integer.
+Supported operations are Add, Get, Replace, and Delete.
+
+Value type is integer.
**UserProfileManagement/ProfileInactivityThreshold**
Start deleting profiles when they haven't been logged on during the specified period, given as number of days. Default value is 30.
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md
index c4c26237bc..51380b7ed8 100644
--- a/windows/client-management/mdm/accountmanagement-ddf.md
+++ b/windows/client-management/mdm/accountmanagement-ddf.md
@@ -13,7 +13,6 @@ manager: dansimp
# AccountManagement DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **AccountManagement** configuration service provider.
The XML below is for Windows 10, version 1803.
@@ -74,7 +73,7 @@ The XML below is for Windows 10, version 1803.
false
- Enable profile lifetime mangement for shared or communal device scenarios.
+ Enable profile lifetime management for shared or communal device scenarios.
@@ -198,3 +197,7 @@ The XML below is for Windows 10, version 1803.
```
+
+## Related topics
+
+[AccountManagement configuration service provider](accountmanagement-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index badfb5ccd9..95689e3b8f 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -11,15 +11,24 @@ ms.reviewer:
manager: dansimp
---
-# Accounts Configuration Service Provider
+# Accounts CSP
+The table below shows the applicability of Windows:
-The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803.
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803, and later.
The following syntax shows the Accounts configuration service provider in tree format.
-```
+```console
./Device/Vendor/MSFT
Accounts
----Domain
@@ -55,10 +64,10 @@ Supported operation is Add.
Interior node for the user account information.
**Users/_UserName_**
-This node specifies the username for a new local user account. This setting can be managed remotely.
+This node specifies the username for a new local user account. This setting can be managed remotely.
**Users/_UserName_/Password**
-This node specifies the password for a new local user account. This setting can be managed remotely.
+This node specifies the password for a new local user account. This setting can be managed remotely.
Supported operation is Add.
GET operation isn't supported. This setting will report as failed when deployed from the Endpoint Manager.
@@ -67,3 +76,7 @@ GET operation isn't supported. This setting will report as failed when deployed
This optional node specifies the local user group that a local user account should be joined to. If the node isn't set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely.
Supported operation is Add.
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md
index 9d91061818..e522821656 100644
--- a/windows/client-management/mdm/accounts-ddf-file.md
+++ b/windows/client-management/mdm/accounts-ddf-file.md
@@ -1,6 +1,6 @@
---
title: Accounts DDF file
-description: XML file containing the device description framework (DDF) for the Accounts configuration service provider.
+description: View the XML file containing the device description framework (DDF) for the Accounts configuration service provider.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -11,12 +11,11 @@ ms.reviewer:
manager: dansimp
---
-# Accounts CSP
-
+# Accounts DDF file
This topic shows the OMA DM device description framework (DDF) for the **Accounts** configuration service provider.
-The XML below is for Windows 10, version 1803.
+The XML below is for Windows 10, version 1803 and later.
```xml
@@ -157,7 +156,7 @@ The XML below is for Windows 10, version 1803.
1
- This optional node specifies the local user group that a local user account should be joined to. If the node is not set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely.
+ This optional node specifies the local user group that a local user account should be joined. If the node is not set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely.
@@ -177,3 +176,7 @@ The XML below is for Windows 10, version 1803.
```
+
+## Related topics
+
+[Accounts configuration service provider](accounts-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md
index 307391743a..929b2dc46a 100644
--- a/windows/client-management/mdm/activesync-csp.md
+++ b/windows/client-management/mdm/activesync-csp.md
@@ -1,7 +1,6 @@
---
title: ActiveSync CSP
description: Learn how the ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync.
-ms.assetid: c65093ef-bd36-4f32-9dab-edb7bcfb3188
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,23 +13,31 @@ ms.date: 06/26/2017
# ActiveSync CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync. After an Exchange account has been updated over-the-air by the ActiveSync configuration service provider, the device must be powered off and then powered back on to see sync status.
Configuring Windows Live ActiveSync accounts through this configuration service provider isn't supported.
> [!NOTE]
-> The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path.
+> The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the `./User/Vendor/MSFT/ActiveSync` path.
-On the desktop, only per user configuration (./User/Vendor/MSFT/ActiveSync) is supported. However, the ./Vendor/MSFT/ActiveSync path will work if the user is logged in. The CSP fails when no user is logged in.
+On the desktop, only per user configuration `./User/Vendor/MSFT/ActiveSync` is supported. However, the `./Vendor/MSFT/ActiveSync` path will work if the user is logged in. The CSP fails when no user is logged in.
-The ./Vendor/MSFT/ActiveSync path is deprecated, but will continue to work in the short term.
-
-
+The `./Vendor/MSFT/ActiveSync path` is deprecated, but will continue to work in the short term.
The following example shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
-```
+```console
./Vendor/MSFT
ActiveSync
----Accounts
@@ -66,13 +73,11 @@ ActiveSync
The root node for the ActiveSync configuration service provider.
> [!NOTE]
-> The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path.
+> The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the `./User/Vendor/MSFT/ActiveSync` path.
-On the desktop, only per user configuration (./User/Vendor/MSFT/ActiveSync) is supported. However, the ./Vendor/MSFT/ActiveSync will work if the user is logged in. The CSP fails when no user is logged in.
+On the desktop, only per user configuration `./User/Vendor/MSFT/ActiveSync` is supported. However, the ./Vendor/MSFT/ActiveSync will work if the user is logged in. The CSP fails when no user is logged in.
-The ./Vendor/MSFT/ActiveSync path is deprecated, but will continue to work in the short term.
-
-
+The `./Vendor/MSFT/ActiveSync` path is deprecated, but will continue to work in the short term.
The supported operation is Get.
@@ -264,7 +269,6 @@ Required. A character string that specifies the name of the content type.
> [!NOTE]
> In Windows 10, this node is currently not working.
-
Supported operations are Get, Replace, and Add (can't Add after the account is created).
When you use Add or Replace inside an atomic block in the SyncML, the CSP returns an error and provisioning fails. When you use Add or Replace outside of the atomic block, the error is ignored and the account is provisioned as expected.
@@ -275,7 +279,9 @@ Node for mail body type and email age filter.
**Policies/MailBodyType**
Required. Specifies the email body type: HTML or plain.
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Value type is string.
+
+Supported operations are Add, Get, Replace, and Delete.
**Policies/MaxMailAgeFilter**
Required. Specifies the time window used for syncing mail items to the device.
@@ -284,7 +290,6 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md
index dae70c2133..216550b80b 100644
--- a/windows/client-management/mdm/activesync-ddf-file.md
+++ b/windows/client-management/mdm/activesync-ddf-file.md
@@ -1,7 +1,6 @@
---
title: ActiveSync DDF file
description: Learn about the OMA DM device description framework (DDF) for the ActiveSync configuration service provider.
-ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# ActiveSync DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **ActiveSync** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -533,7 +531,7 @@ The XML below is the current version for this CSP.
- Enables or disables syncing email, contacts, task, and calendar.Each is represented by a GUID.Email: {c6d47067-6e92-480e-b0fc-4ba82182fac7}. Contacts: {0dd8685c-e272-4fcb-9ecf-2ead7ea2497b}.Calendar: {4a5d9fe0-f139-4a63-a5a4-4f31ceea02ad}. Tasks:{783ae4f6-4c12-4423-8270-66361260d4f1}
+ Enables or disables syncing email, contacts, task, and calendar. Each is represented by a GUID.Email: {c6d47067-6e92-480e-b0fc-4ba82182fac7}. Contacts: {0dd8685c-e272-4fcb-9ecf-2ead7ea2497b}.Calendar: {4a5d9fe0-f139-4a63-a5a4-4f31ceea02ad}. Tasks:{783ae4f6-4c12-4423-8270-66361260d4f1}
@@ -679,15 +677,4 @@ The XML below is the current version for this CSP.
## Related topics
-
[ActiveSync configuration service provider](activesync-csp.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
index 3328f5ca2a..85a599abb8 100644
--- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
+++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
@@ -1,7 +1,6 @@
---
title: Add an Azure AD tenant and Azure AD subscription
description: Here's a step-by-step guide to adding an Azure Active Directory tenant, adding an Azure AD subscription, and registering your subscription.
-ms.assetid: 36D94BEC-A6D8-47D2-A547-EBD7B7D163FA
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md
index de7482b72d..b8a280a346 100644
--- a/windows/client-management/mdm/alljoynmanagement-csp.md
+++ b/windows/client-management/mdm/alljoynmanagement-csp.md
@@ -1,7 +1,6 @@
---
title: AllJoynManagement CSP
description: The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus.
-ms.assetid: 468E0EE5-EED3-48FF-91C0-89F9D159AA8C
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,21 +13,18 @@ ms.date: 06/26/2017
# AllJoynManagement CSP
-
-The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus. The devices must support the Microsoft AllJoyn configuration interface (com.microsoft.alljoynmanagement.config). You can also push configuration files to the same devices. To populate the various nodes when setting new configuration, we recommend that you do a query first, to get the actual values for all the nodes in all the attached devices. You can then use the information from the query to set the node values when pushing the new configuration.
+The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus. The devices must support the Microsoft AllJoyn configuration interface (`com.microsoft.alljoynmanagement.config`). You can also push configuration files to the same devices. To populate the various nodes when setting new configuration, we recommend that you do a query first, to get the actual values for all the nodes in all the attached devices. You can then use the information from the query to set the node values when pushing the new configuration.
> [!NOTE]
> The AllJoynManagement configuration service provider (CSP) is only supported in Windows 10 IoT Core (IoT Core).
This CSP was added in Windows 10, version 1511.
-
-
-For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB)](https://wikipedia.org/wiki/AllJoyn). For more information, see [AllJoyn - Wikipedia](https://wikipedia.org/wiki/AllJoyn).
+For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB)](https://wikipedia.org/wiki/AllJoyn). For more information, see [AllJoyn - Wikipedia](https://wikipedia.org/wiki/AllJoyn).
The following example shows the AllJoynManagement configuration service provider in tree format
-```
+```console
./Vendor/MSFT
AllJoynManagement
----Configurations
@@ -64,7 +60,7 @@ The following list describes the characteristics and parameters.
The root node for the AllJoynManagement configuration service provider.
**Services**
-List of all AllJoyn objects that are discovered on the AllJoyn bus. All AllJoyn objects that expose the "com.microsoft.alljoynmanagement.config" are included.
+List of all AllJoyn objects that are discovered on the AllJoyn bus. All AllJoyn objects that expose the "`com.microsoft.alljoynmanagement.config`" are included.
**Services/***Node name*
The unique AllJoyn device ID (a GUID) that hosts one or more configurable objects.
@@ -81,7 +77,7 @@ The set of configurable interfaces that are available on the port of the AllJoyn
**Services/*Node name*/Port/*Node name*/CfgObject/***Node name*
The remainder of this URI is an escaped path to the configurable AllJoyn object hosted by the parent ServiceID and accessible by the parent PortNum.
-For example an AllJoyn Bridge with the Microsoft specific AllJoyn configuration interface "\\FabrikamService\\BridgeConfig" would be specified in the URI as: %2FFabrikamService%2FBridgeConfig.
+For example an AllJoyn Bridge with the Microsoft specific AllJoyn configuration interface "`\\FabrikamService\\BridgeConfig`" would be specified in the URI as: `%2FFabrikamService%2FBridgeConfig`.
**Credentials**
This is the credential store. An administrator can set credentials for each AllJoyn device that requires authentication at this node.
@@ -105,7 +101,6 @@ Boolean value indicating whether AllJoyn router service (AJRouter.dll) is enable
## Examples
-
Set adapter configuration
```xml
@@ -167,7 +162,9 @@ Get the firewall PrivateProfile
```
-
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md
index 77494eaf9f..bcb19ed0cd 100644
--- a/windows/client-management/mdm/alljoynmanagement-ddf.md
+++ b/windows/client-management/mdm/alljoynmanagement-ddf.md
@@ -1,7 +1,6 @@
---
title: AllJoynManagement DDF
description: Learn the OMA DM device description framework (DDF) for the AllJoynManagement configuration service provider.
-ms.assetid: 540C2E60-A041-4749-A027-BBAF0BB046E4
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# AllJoynManagement DDF
-
This topic shows the OMA DM device description framework (DDF) for the **AllJoynManagement** configuration service provider. This CSP was added in Windows 10, version 1511.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -238,7 +236,7 @@ It is typically implemented as a GUID.
- An Alphanumeric KEY value that conforms to the AllJoyn SRP KEYX Authentication Standard
+ An Alphanumeric KEY value that conforms to the AllJoyn SRP KEYX Authentication Standard.
@@ -328,15 +326,4 @@ It is typically implemented as a GUID.
## Related topics
-
[AllJoynManagement configuration service provider](alljoynmanagement-csp.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md
index 728e4dcda3..4502b38c2c 100644
--- a/windows/client-management/mdm/application-csp.md
+++ b/windows/client-management/mdm/application-csp.md
@@ -1,7 +1,6 @@
---
-title: APPLICATION configuration service provider
+title: APPLICATION CSP
description: Learn how the APPLICATION configuration service provider is used to configure an application transport using Open Mobile Alliance (OMA) Client Provisioning.
-ms.assetid: 0705b5e9-a1e7-4d70-a73d-7f758ffd8099
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -12,16 +11,28 @@ author: dansimp
ms.date: 06/26/2017
---
-# APPLICATION configuration service provider
+# APPLICATION CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The APPLICATION configuration service provider is used to configure an application transport using Open Mobile Alliance (OMA) Client Provisioning.
-OMA considers each transport to be an application and requires a corresponding APPLICATION configuration service provider. The following list shows the supported transports.
+OMA considers each transport to be an application and requires a corresponding APPLICATION configuration service provider.
-- w7, for bootstrapping a device with an OMA Device Management (OMA DM) account. For more information, see [w7 APPLICATION configuration service provider](w7-application-csp.md)
+The following list shows the supported transports:
-- w4, for configuring Multimedia Messaging Service (MMS). For more information, see [w4 APPLICATION configuration service provider](w4-application-csp.md)
+- w7, for bootstrapping a device with an OMA Device Management (OMA DM) account. For more information, see [w7 APPLICATION configuration service provider](w7-application-csp.md).
+
+- w4, for configuring Multimedia Messaging Service (MMS). For more information, see [w4 APPLICATION configuration service provider](w4-application-csp.md).
The APPID parameter differentiates these application transports. Each APPID must be registered with OMA, and any APPLICATION configuration service provider must be in the root of the provisioning document.
@@ -29,15 +40,5 @@ For the device to decode correctly, provisioning XML that contains the APPLICATI
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
index 5c44ba2dc1..2c91bf430b 100644
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md
+++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
@@ -11,13 +11,10 @@ ms.date: 07/10/2019
# ApplicationControl CSP DDF
-
This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-### ApplicationControl CSP
-
```xml
- Root Node of the ApplicationControl CSP
+ Root Node of the ApplicationControl CSP.
@@ -73,7 +70,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
- The GUID of the Policy
+ The GUID of the Policy.
@@ -97,7 +94,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
- The policy binary encoded as base64
+ The policy binary encoded as base64.
@@ -119,7 +116,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
- Information Describing the Policy indicated by the GUID
+ Information Describing the Policy indicated by the GUID.
@@ -140,7 +137,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
- Version of the Policy indicated by the GUID, as a string. When parsing use a uint64 as the containing data type
+ Version of the Policy indicated by the GUID, as a string. When parsing, use a uint64 as the containing data type.
@@ -162,7 +159,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
- Whether the Policy indicated by the GUID is Effective on the system (loaded by the enforcement engine and in effect)
+ Whether the Policy indicated by the GUID is effective on the system (loaded by the enforcement engine and in effect).
@@ -184,7 +181,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
- Whether the Policy indicated by the GUID is deployed on the system (on the physical machine)
+ Whether the Policy indicated by the GUID is deployed on the system (on the physical machine).
@@ -206,7 +203,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
- Whether the Policy indicated by the GUID is authorized to be loaded by the enforcement engine on the system
+ Whether the Policy indicated by the GUID is authorized to be loaded by the enforcement engine on the system.
@@ -228,7 +225,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
- The Current Status of the Policy Indicated by the Policy GUID
+ The Current Status of the Policy Indicated by the Policy GUID.
@@ -250,7 +247,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
- The FriendlyName of the Policy Indicated by the Policy GUID
+ The FriendlyName of the Policy Indicated by the Policy GUID.
@@ -271,4 +268,8 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
-```
\ No newline at end of file
+```
+
+## Related topics
+
+[ApplicationControl configuration service provider](applicationcontrol-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index d18a0ebd70..970bfa5103 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -1,7 +1,6 @@
---
title: ApplicationControl CSP
description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from an MDM server.
-keywords: security, malware
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -13,12 +12,24 @@ ms.date: 09/10/2020
# ApplicationControl CSP
-Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and hence doesn't schedule a reboot.
-Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+Windows Defender Application Control (WDAC) policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot.
+
+Existing Windows Defender Application Control (WDAC) policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although, WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
The following example shows the ApplicationControl CSP in tree format.
-```
+```console
./Vendor/MSFT
ApplicationControl
----Policies
@@ -43,6 +54,7 @@ ApplicationControl
----TenantID
----DeviceID
```
+
**./Vendor/MSFT/ApplicationControl**
Defines the root node for the ApplicationControl CSP.
@@ -73,7 +85,7 @@ An interior node that contains the nodes that describe the policy indicated by t
Scope is dynamic. Supported operation is Get.
**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version**
-This node provides the version of the policy indicated by the GUID. Stored as a string, but when parsing use a uint64 as the containing data type.
+This node provides the version of the policy indicated by the GUID. Stored as a string, but when parsing uses a uint64 as the containing data type.
Scope is dynamic. Supported operation is Get.
@@ -113,7 +125,7 @@ The following table provides the result of this policy based on different values
|IsAuthorized | IsDeployed | IsEffective | Resultant |
|------------ | ---------- | ----------- | --------- |
-|True|True|True|Policy is currently running and in effect.|
+|True|True|True|Policy is currently running and is in effect.|
|True|True|False|Policy requires a reboot to take effect.|
|True|False|True|Policy requires a reboot to unload from CI.|
|False|True|True|Not Reachable.|
@@ -122,14 +134,14 @@ The following table provides the result of this policy based on different values
|False|False|True|Not Reachable.|
|False|False|False|*Not Reachable.|
-\* denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the END_COMMAND_PROCESSING will result in a fail.
+\* denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the `END_COMMAND_PROCESSING` will result in a fail.
**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status**
This node specifies whether the deployment of the policy indicated by the GUID was successful.
Scope is dynamic. Supported operation is Get.
-Value type is integer. Default value is 0 == OK.
+Value type is integer. Default value is 0 = OK.
**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName**
This node provides the friendly name of the policy indicated by the policy GUID.
@@ -138,17 +150,17 @@ Scope is dynamic. Supported operation is Get.
Value type is char.
-## Microsoft Endpoint Manager (MEM) Intune Usage Guidance
+## Microsoft Endpoint Manager Intune Usage Guidance
-For customers using Intune standalone or hybrid management with Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune).
+For customers using Intune standalone or hybrid management with Microsoft Endpoint Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune).
## Generic MDM Server Usage Guidance
In order to use the ApplicationControl CSP without using Intune, you must:
1. Know a generated policy's GUID, which can be found in the policy xml as `` or `` for pre-1903 systems.
-2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
-3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command-line tool.
+2. Convert the policies to binary format using the `ConvertFrom-CIPolicy` cmdlet in order to be deployed. The binary policy may be signed or unsigned.
+3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the `certutil -encode` command-line tool.
Below is a sample certutil invocation:
@@ -289,12 +301,12 @@ An example of Delete command is:
## PowerShell and WMI Bridge Usage Guidance
-The ApplicationControl CSP can also be managed locally from PowerShell or via Microsoft Endpoint Manager Configuration Manager's (MEMCM, formerly known as SCCM) task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md).
+The ApplicationControl CSP can also be managed locally from PowerShell or via Configuration Manager's task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md).
### Setup for using the WMI Bridge
-1. Convert your WDAC policy to Base64
-2. Open PowerShell in Local System context (through PSExec or something similar)
+1. Convert your WDAC policy to Base64.
+2. Open PowerShell in Local System context (through PSExec or something similar).
3. Use WMI Interface:
```powershell
@@ -315,4 +327,8 @@ New-CimInstance -Namespace $namespace -ClassName $policyClassName -Property @{Pa
```powershell
Get-CimInstance -Namespace $namespace -ClassName $policyClassName
-```
\ No newline at end of file
+```
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index 4d6a2a787f..7ed2500275 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -1,7 +1,6 @@
---
title: AppLocker CSP
description: Learn how the AppLocker configuration service provider is used to specify which applications are allowed or disallowed.
-ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 11/19/2019
# AppLocker CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There's no user interface shown for apps that are blocked.
@@ -74,13 +83,11 @@ Defines restrictions for applications.
> [!NOTE]
> When you create a list of allowed apps, all [inbox apps](#inboxappsandcomponents) are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need.
-
+>
> Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there's no requirement on the exact value of the node.
> [!NOTE]
-> The AppLocker CSP will schedule a reboot when a policy is applied or a deletion occurs using the AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy URI.
-
-Additional information:
+> The AppLocker CSP will schedule a reboot when a policy is applied or when a deletion occurs using the AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy URI.
**AppLocker/ApplicationLaunchRestrictions/_Grouping_**
Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it's to determine what their purpose is, and to not conflict with other identifiers that they define.
@@ -96,14 +103,14 @@ Supported operations are Get, Add, Delete, and Replace.
**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/Policy**
Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
-Data type is string.
+Data type is string.
Supported operations are Get, Add, Delete, and Replace.
**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/EnforcementMode**
The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
-The data type is a string.
+The data type is a string.
Supported operations are Get, Add, Delete, and Replace.
@@ -206,22 +213,25 @@ Data type is Base64.
Supported operations are Get, Add, Delete, and Replace.
> [!NOTE]
-> To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)) command line tool) and added to the Applocker-CSP.
+> To use Code Integrity Policy, you first need to convert the policies to binary format using the `ConvertFrom-CIPolicy` cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)) command line tool) and added to the Applocker-CSP.
**AppLocker/EnterpriseDataProtection**
-Captures the list of apps that are allowed to handle enterprise data. Should be used in conjunction with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md).
+Captures the list of apps that are allowed to handle enterprise data. Should be used with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md).
In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications aren't protected. This is because some critical enterprise applications may have compatibility problems with encrypted data.
You can set the allowed list using the following URI:
+
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps/Policy
You can set the exempt list using the following URI. The _Grouping_ string must contain the keyword "EdpExempt" anywhere to help distinguish the exempt list from the allowed list. The "EdpExempt" keyword is also evaluated in a case-insensitive manner:
+
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/_Grouping includes "EdpExempt"_/EXE/Policy
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/_Grouping includes "EdpExempt"_/StoreApps/Policy
Exempt examples:
+
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/ContosoEdpExempt/EXE/Policy
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/xxxxxEdpExemptxxxxx/EXE/Policy
@@ -259,15 +269,15 @@ Data type is string.
Supported operations are Get, Add, Delete, and Replace.
-1. On your phone under **Device discovery**, tap **Pair**. You'll get a code (case sensitive).
-2. On the browser on the **Set up access page**, enter the code (case sensitive) into the text box and click **Submit**.
+1. On your phone under **Device discovery**, tap **Pair**. You'll get a code (case sensitive).
+2. On the browser on the **Set up access page**, enter the code (case sensitive) into the text box and click **Submit**.
The **Device Portal** page opens on your browser.
-3. On the desktop **Device Portal** page, click **Apps** to open the **App Manager**.
-4. On the **App Manager** page under **Running apps**, you'll see the **Publisher** and **PackageFullName** of apps.
+3. On the desktop **Device Portal** page, click **Apps** to open the **App Manager**.
+4. On the **App Manager** page under **Running apps**, you'll see the **Publisher** and **PackageFullName** of apps.
@@ -279,7 +289,7 @@ The following table shows the mapping of information to the AppLocker publisher
|Device portal data|AppLocker publisher rule field|
|--- |--- |
-|PackageFullName|ProductName
The product name is first part of the PackageFullName followed by the version number. In the Windows Camera example, the ProductName is Microsoft.WindowsCamera.|
+|PackageFullName|ProductName: The product name is first part of the PackageFullName followed by the version number. In the Windows Camera example, the ProductName is Microsoft.WindowsCamera.|
|Publisher|Publisher|
|Version|Version
The version can be used either in the HighSection or LowSection of the BinaryVersionRange.
HighSection defines the highest version number and LowSection defines the lowest version number that should be trusted. You can use a wildcard for both versions to make a version- independent rule. Using a wildcard for one of the values will provide higher than or lower than a specific version semantics.|
@@ -293,13 +303,13 @@ Here's an example AppLocker publisher rule:
You can get the publisher name and product name of apps using a web API.
-**To find publisher and product name for Microsoft apps in Microsoft Store for Business**
+**To find publisher and product name for Microsoft apps in Microsoft Store for Business:**
-1. Go to the Microsoft Store for Business website, and find your app. For example, Microsoft OneNote.
+1. Go to the Microsoft Store for Business website, and find your app. For example, Microsoft OneNote.
-2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, **9wzdncrfhvjl**.
+2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is [https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl](https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl), and you'd copy the ID value: **9wzdncrfhvjl**.
-3. In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values.
+3. In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values.
Request URI:
@@ -359,17 +369,13 @@ The product name is first part of the PackageFullName followed by the version nu
| SettingsPagePhoneNfc | b0894dfd-4671-4bb9-bc17-a8b39947ffb6\_1.0.0.0\_neutral\_\_1prqnbg33c1tj | b0894dfd-4671-4bb9-bc17-a8b39947ffb6 |
-
## Inbox apps and components
-
The following list shows the apps that may be included in the inbox.
> [!NOTE]
> This list identifies system apps that ship as part of Windows that you can add to your AppLocker policy to ensure proper functioning of the operating system. If you decide to block some of these apps, we recommend a thorough testing before deploying to your production environment. Failure to do so may result in unexpected failures and can significantly degrade the user experience.
-
-
|App|Product ID|Product name|
|--- |--- |--- |
|3D Viewer|f41647c9-d567-4378-b2ab-7924e5a152f3|Microsoft.Microsoft3DViewer (Added in Windows 10, version 1703)|
@@ -1277,6 +1283,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
```
## Recommended blocklist for Windows Information Protection
+
The following example for Windows 10, version 1607 denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. (An administrator might still use an exempt rule, instead.) This prevention ensures an administrator doesn't accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
In this example, Contoso is the node name. We recommend using a GUID for this node.
@@ -1460,5 +1467,4 @@ In this example, Contoso is the node name. We recommend using a GUID for this no
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md
index 7bde68650f..38e2c8e7bc 100644
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@@ -1,7 +1,6 @@
---
title: AppLocker DDF file
description: Learn about the OMA DM device description framework (DDF) for the AppLocker DDF file configuration service provider.
-ms.assetid: 79E199E0-5454-413A-A57A-B536BDA22496
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# AppLocker DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **AppLocker** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -672,15 +670,4 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
## Related topics
-
-[AppLocker configuration service provider](applocker-csp.md)
-
-
-
-
-
-
-
-
-
-
+[AppLocker configuration service provider](applocker-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md
index bf80bc1d61..9eedf4f812 100644
--- a/windows/client-management/mdm/applocker-xsd.md
+++ b/windows/client-management/mdm/applocker-xsd.md
@@ -1,7 +1,6 @@
---
title: AppLocker XSD
description: View the XSD for the AppLocker CSP. The AppLocker CSP XSD provides an example of how the schema is organized.
-ms.assetid: 70CF48DD-AD7D-4BCF-854F-A41BFD95F876
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 06/26/2017
# AppLocker XSD
-
Here's the XSD for the AppLocker CSP.
```xml
diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md
index e99f6fb7de..d8c68d15e5 100644
--- a/windows/client-management/mdm/assign-seats.md
+++ b/windows/client-management/mdm/assign-seats.md
@@ -1,7 +1,6 @@
---
title: Assign seat
description: The Assign seat operation assigns seat for a specified user in the Microsoft Store for Business.
-ms.assetid: B42BF490-35C9-405C-B5D6-0D9F0E377552
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 0b28cf30d1..cf61a9f2c1 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -13,7 +13,18 @@ ms.date: 05/03/2022
# AssignedAccess CSP
-The AssignedAccess configuration service provider (CSP) is used to set the device to run in kiosk mode. Once the CSP has been executed, then the next user sign in that is associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+The AssignedAccess configuration service provider (CSP) is used to set the device to run in kiosk mode. Once the CSP has been executed, the next user login that is associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](/windows/configuration/kiosk-single-app)
@@ -23,14 +34,14 @@ In Windows 10, version 1709, the AssignedAccess configuration service provider (
> You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.
> [!Note]
-> If the application calls KeyCredentialManager.IsSupportedAsync when it is running in assigned access mode and it returns false on the first run, invoke the settings screen and select a appropriate PIN to use with Windows Hello. This is the settings screen that is hidden by the application running in assigned access mode. You can only use Windows Hello if you first leave assigned access mode, select your convenience pin, and then go back into assigned access mode again.
+> If the application calls `KeyCredentialManager.IsSupportedAsync` when it is running in assigned access mode and it returns false on the first run, invoke the settings screen and select an appropriate PIN to use with Windows Hello. This is the settings screen that is hidden by the application running in assigned access mode. You can only use Windows Hello if you first leave assigned access mode, select your convenience pin, and then go back into assigned access mode again.
> [!Note]
> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709, it is supported in Windows 10 Pro and Windows 10 S. Starting from Windows 10, version 1803, it is also supported in Windows Holographic for Business edition.
The following example shows the AssignedAccess configuration service provider in tree format
-```
+```console
./Vendor/MSFT
AssignedAccess
----KioskModeApp
@@ -44,14 +55,14 @@ AssignedAccess
Root node for the CSP.
**./Device/Vendor/MSFT/AssignedAccess/KioskModeApp**
-A JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. For more information about how to get the AUMID, see [Find the Application User Model ID of an installed app](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app).
+A JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. For more information about how to get the AUMID, see [Find the Application User Model ID of an installed app](/windows/configuration/find-the-application-user-model-id-of-an-installed-app).
For more information, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](/windows/configuration/kiosk-single-app)
> [!Note]
-> In Windows 10, version 1803 the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk.
+> In Windows 10, version 1803, the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk.
>
-> Starting in Windows 10, version 1803 the KioskModeApp node becomes No-Op if Configuration node is configured on the device. That Add/Replace/Delete command on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it’s not effective.
+> Starting in Windows 10, version 1803, the KioskModeApp node becomes No-Op if Configuration node is configured on the device. That Add/Replace/Delete command on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it’s not effective.
> [!Note]
> You can't set both KioskModeApp and ShellLauncher at the same time on the device.
@@ -453,7 +464,7 @@ The schema below is for AssignedAccess Configuration up to Windows 10 20H2 relea
);
```
-Here's the schema for new features introduced in Windows 10 1809 release
+Here's the schema for new features introduced in Windows 10 1809 release:
```xml
@@ -500,6 +511,7 @@ Here's the schema for new features introduced in Windows 10 1809 release
```
Schema for Windows 10 prerelease
+
```xml
- This read only node contains kiosk health event in xml
+ This read only node contains kiosk health event in xml.
@@ -196,14 +195,4 @@ This node supports Add, Delete, Replace and Get methods. When there's no configu
## Related topics
-
[AssignedAccess configuration service provider](assignedaccess-csp.md)
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
index a0a4883d44..5430991444 100644
--- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
@@ -1,7 +1,6 @@
---
title: Azure Active Directory integration with MDM
description: Azure Active Directory is the world largest enterprise cloud identity management service.
-ms.assetid: D03B0765-5B5F-4C7B-9E2B-18E747D504EE
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -359,7 +358,7 @@ With Azure integrated MDM enrollment, there's no discovery phase and the discove
There are two different MDM enrollment types that integrate with Azure AD, and use Azure AD user and device identities. Depending on the enrollment type, the MDM service may need to manage a single user or multiple users.
-**Multiple user management for Azure AD joined devices**
+**Multiple user management for Azure AD-joined devices**
In this scenario the MDM enrollment applies to every Azure AD user who signs in to the Azure AD joined device - call this enrollment type a device enrollment or a multi-user enrollment. The management server can determine the user identity, determine what policies are targeted for this user, and send corresponding policies to the device. To allow management server to identify current user that is logged on to the device, the OMA DM client uses the Azure AD user tokens. Each management session contains an extra HTTP header that contains an Azure AD user token. This information is provided in the DM package sent to the management server. However, in some circumstances Azure AD user token isn't sent over to the management server. One such scenario happens immediately after MDM enrollments completes during Azure AD join process. Until Azure AD join process is finished and Azure AD user signs on to the machine, Azure AD user token isn't available to OMA-DM process. Typically, MDM enrollment completes before Azure AD user sign in to machine and the initial management session doesn't contain an Azure AD user token. The management server should check if the token is missing and only send device policies in such case. Another possible reason for a missing Azure AD token in the OMA-DM payload is when a guest user is logged on to the device.
**Adding a work account and MDM enrollment to a device**
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index b4564bd96c..7af651d2c0 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -12,6 +12,7 @@ ms.reviewer:
manager: dansimp
ms.collection: highpri
---
+
# BitLocker CSP
The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it's also supported in Windows 10 Pro.
@@ -76,6 +77,7 @@ Allows the administrator to require encryption that needs to be turned on by usi
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -136,6 +138,7 @@ Allows you to set the default encryption method for each of the different drive
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -209,6 +212,7 @@ Allows you to associate unique organizational identifiers to a new drive that is
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -266,6 +270,7 @@ Allows users on devices that are compliant with InstantGo or the Microsoft Hardw
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -305,6 +310,7 @@ Allows users to configure whether or not enhanced startup PINs are used with Bit
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -347,6 +353,7 @@ Allows you to configure whether standard users are allowed to change BitLocker P
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -389,6 +396,7 @@ Allows users to enable authentication options that require user input from the p
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -438,6 +446,7 @@ Allows you to configure the encryption type that is used by BitLocker.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -485,6 +494,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Require addition
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -582,6 +592,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure minimu
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -648,6 +659,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure pre-bo
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -724,6 +736,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLo
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -812,6 +825,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLo
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -903,6 +917,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Deny write acces
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -960,6 +975,7 @@ Allows you to configure the encryption type on fixed data drives that is used by
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1007,6 +1023,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Deny write acces
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1073,6 +1090,7 @@ Allows you to configure the encryption type that is used by BitLocker.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1114,6 +1132,7 @@ Allows you to control the use of BitLocker on removable data drives.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1160,7 +1179,7 @@ If you don't configure this policy setting, users can use BitLocker on removable
Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is set to 1.
> [!IMPORTANT]
-> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](/windows/device-security/bitlocker/bitlocker-overview).
+> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory-joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](/windows/device-security/bitlocker/bitlocker-overview).
> [!Warning]
> When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows.
@@ -1170,6 +1189,7 @@ Allows the admin to disable the warning prompt for other disk encryption on the
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1178,7 +1198,7 @@ Allows the admin to disable the warning prompt for other disk encryption on the
The following list shows the supported values:
-- 0 – Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0.
+- 0 – Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory-joined devices. Windows will attempt to silently enable BitLocker for value 0.
- 1 (default) – Warning prompt allowed.
```xml
@@ -1224,6 +1244,7 @@ If "AllowWarningForOtherDiskEncryption" isn't set, or is set to "1", "RequireDev
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1268,6 +1289,7 @@ This setting initiates a client-driven recovery password refresh after an OS dri
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1315,6 +1337,7 @@ Each server-side recovery key rotation is represented by a request ID. The serve
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1353,6 +1376,7 @@ This node reports compliance state of device encryption on the system.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1413,6 +1437,7 @@ Status code can be one of the following values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1439,6 +1464,7 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index 06e6fdd613..b40819c5e8 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -646,7 +646,7 @@ The XML below is the current version for this CSP.
1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed.
0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update,
- the value 0 only takes affect on Azure Active Directory joined devices.
+ the value 0 only takes affect on Azure Active Directory-joined devices.
Windows will attempt to silently enable BitLocker for value 0.
If you want to disable this policy use the following SyncML:
@@ -744,15 +744,15 @@ The XML below is the current version for this CSP.
- Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices.
- When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when
+ Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on Azure Active Directory and Hybrid domain joined devices.
+ When not configured, Rotation is turned on by default for Azure AD only and off on Hybrid. The Policy will be effective only when
Active Directory back up for recovery password is configured to required.
For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives"
For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives"
Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
- 1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value
- 2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices
+ 1 - Numeric Recovery Passwords Rotation upon use ON for Azure Active Directory-joined devices. Default value
+ 2 - Numeric Recovery Passwords Rotation upon use ON for both Azure AD and Hybrid devices
If you want to disable this policy use the following SyncML:
@@ -783,7 +783,7 @@ The XML below is the current version for this CSP.
-
+
@@ -937,3 +937,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI
```
+
+## Related topics
+
+[BitLocker configuration service provider](bitlocker-csp.md)
diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
index a47e4f4613..19a2fa944c 100644
--- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
+++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
@@ -1,7 +1,6 @@
---
title: Bulk assign and reclaim seats from users
description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Microsoft Store for Business.
-ms.assetid: 99E2F37D-1FF3-4511-8969-19571656780A
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
index 0309b24aad..a6d69bff48 100644
--- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
+++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
@@ -4,7 +4,6 @@ description: Bulk enrollment is an efficient way to set up a large number of dev
MS-HAID:
- 'p\_phdevicemgmt.bulk\_enrollment'
- 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool'
-ms.assetid: DEB98FF3-CC5C-47A1-9277-9EF939716C87
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -15,7 +14,6 @@ author: dansimp
ms.date: 06/26/2017
---
-
# Bulk enrollment
Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. In Windows 10 and 11 desktop devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario.
diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md
index 5605ebe1f4..8e5f9ebac8 100644
--- a/windows/client-management/mdm/cellularsettings-csp.md
+++ b/windows/client-management/mdm/cellularsettings-csp.md
@@ -1,7 +1,6 @@
---
title: CellularSettings CSP
description: Learn how the CellularSettings configuration service provider is used to configure cellular settings on a mobile device.
-ms.assetid: ce8b6f16-37ca-4aaf-98b0-306d12e326df
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,10 +13,21 @@ ms.date: 06/26/2017
# CellularSettings CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The CellularSettings configuration service provider is used to configure cellular settings on a mobile device.
> [!Note]
-> Starting in Windows 10, version 1703 the CellularSettings CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions.
+> Starting in Windows 10, version 1703, the CellularSettings CSP is supported in Windows 10 and Windows 11 Home, Pro, Enterprise, and Education editions.
The following example shows the CellularSettings CSP in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP). The OMA DM protocol isn't supported with this configuration service provider.
diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
index 1d2eebc12f..f7af4adf18 100644
--- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
@@ -1,7 +1,6 @@
---
title: Certificate authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using certificate authentication policy.
-ms.assetid: 57DB3C9E-E4C9-4275-AAB5-01315F9D3910
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
index 758b284713..078523d5fb 100644
--- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md
+++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
@@ -4,7 +4,6 @@ description: Learn how to find all the resources that you need to provide contin
MS-HAID:
- 'p\_phdevicemgmt.certificate\_renewal'
- 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm'
-ms.assetid: F910C50C-FF67-40B0-AAB0-CA7CE02A9619
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index 0ef7d8606c..423745bbf6 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -1,7 +1,6 @@
---
title: CertificateStore CSP
description: Use the CertificateStore configuration service provider (CSP) to add secure socket layers (SSL), intermediate, and self-signed certificates.
-ms.assetid: 0fe28629-3cc3-42a0-91b3-3624c8462fd3
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,17 @@ ms.date: 02/28/2020
# CertificateStore CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The CertificateStore configuration service provider is used to add secure socket layers (SSL), intermediate, and self-signed certificates.
> [!Note]
@@ -24,7 +34,7 @@ For the CertificateStore CSP, you can't use the Replace command unless the node
The following example shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
-```
+```console
./Vendor/MSFT
CertificateStore
----ROOT
@@ -259,7 +269,7 @@ Optional. OID of certificate template name.
Supported operations are Get, Add, and Delete.
**My/SCEP/*UniqueID*/Install/KeyLength**
-Required for enrollment. Specify private key length (RSA). Value type is an integer. Valid values are 1024, 2048, 4096. NGC key lengths supported should be specified.
+Required for enrollment. Specifies private key length (RSA). Value type is an integer. Valid values are 1024, 2048, 4096. NGC key lengths supported should be specified.
Supported operations are Get, Add, Delete, and Replace.
@@ -343,7 +353,7 @@ Required. Returns the URL of the SCEP server that responded to the enrollment re
Supported operation is Get.
**My/WSTEP**
-Required for MDM enrolled device. The parent node that hosts the MDM enrollment client certificate related settings that are enrolled via WSTEP. The nodes under WSTEP are mostly for MDM client certificate renew requests. Value type is node.
+Required for MDM enrolled device. Specifies the parent node that hosts the MDM enrollment client certificate related settings that are enrolled via WSTEP. The nodes under WSTEP are mostly for MDM client certificate renew requests. Value type is node.
Supported operation is Get.
@@ -358,8 +368,6 @@ Optional. Specifies the URL of certificate renewal server. If this node doesn't
> [!NOTE]
> The renewal process follows the same steps as device enrollment, which means that it starts with Discovery service, followed by Enrollment policy service, and then Enrollment web service.
-
-
Supported operations are Add, Get, Delete, and Replace.
**My/WSTEP/Renew/RenewalPeriod**
@@ -414,7 +422,7 @@ Optional. If certificate renewal fails, this integer value indicates the HRESULT
Supported operation is Get.
**My/WSTEP/Renew/LastRenewalAttemptTime**
-Added in Windows 10, version 1607. Time of the last attempted renewal.
+Added in Windows 10, version 1607. Specifies the time of the last attempted renewal.
Supported operation is Get.
@@ -424,7 +432,7 @@ Added in Windows 10, version 1607. Initiates a renewal now.
Supported operation is Execute.
**My/WSTEP/Renew/RetryAfterExpiryInterval**
-Added in Windows 10, version 1703. How long after the enrollment certificate has expired before trying to renew.
+Added in Windows 10, version 1703. Specifies how long after the enrollment certificate has expired before trying to renew.
Supported operations are Add, Get, and Replace.
@@ -698,7 +706,6 @@ Configure the device to automatically renew an MDM client certificate with the s
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md
index da503f9902..d05b283472 100644
--- a/windows/client-management/mdm/certificatestore-ddf-file.md
+++ b/windows/client-management/mdm/certificatestore-ddf-file.md
@@ -1,7 +1,6 @@
---
title: CertificateStore DDF file
description: Learn about OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used with OMA DM provisioning XML.
-ms.assetid: D9A12D4E-3122-45C3-AD12-CC4FFAEC08B8
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# CertificateStore DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **CertificateStore** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -458,7 +456,7 @@ The XML below is the current version for this CSP.
- The base64 Encoded X.509 certificate. Note that though during MDM enrollment, enrollment server could use WAP XML format to add public part of MDM client cert via EncodedCertificate node, properly enroll a client certificate including private needs a cert enroll protocol handle it or user installs it manually. In WP, the server cannot purely rely on CertificateStore CSP to install a client certificate including private key.
+ The base64 Encoded X.509 certificate. Note that during MDM enrollment, enrollment server could use WAP XML format to add public part of MDM client cert via EncodedCertificate node and properly enroll a client certificate including private needs a cert enroll protocol to handle it or user installs it manually. In WP, the server cannot purely rely on CertificateStore CSP to install a client certificate including private key.
@@ -585,7 +583,7 @@ The XML below is the current version for this CSP.
- This store holds the SCEP portion of the MY store and handle operations related to SCEP certificate enrollment.
+ This store holds the SCEP portion of the MY store and handles operations related to SCEP certificate enrollment.
@@ -627,7 +625,7 @@ The XML below is the current version for this CSP.
- The group to represent the install request
+ The group to represent the install request.
@@ -1241,7 +1239,7 @@ The XML below is the current version for this CSP.
- If certificate renew fails, this node provide the last hresult code during renew process.
+ If certificate renew fails, this node provides the last hresult code during renew process.
@@ -1262,7 +1260,7 @@ The XML below is the current version for this CSP.
- Time of last attempted renew
+ Time of last attempted renew.
@@ -1283,7 +1281,7 @@ The XML below is the current version for this CSP.
- Initiate a renew now
+ Initiate a renew now.
@@ -1305,7 +1303,7 @@ The XML below is the current version for this CSP.
- How long after the enrollment cert has expiried to keep trying to renew
+ How long after the enrollment cert has expired to keep trying to renew.
@@ -1372,7 +1370,7 @@ The XML below is the current version for this CSP.
- The base64 Encoded X.509 certificate
+ The base64 Encoded X.509 certificate.
@@ -1667,11 +1665,6 @@ The XML below is the current version for this CSP.
```
-
-
-
-
-
-
-
+## Related topics
+[CertificateStore configuration service provider](certificatestore-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md
index ef943cbe35..5eb147ea0c 100644
--- a/windows/client-management/mdm/change-history-for-mdm-documentation.md
+++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md
@@ -1,13 +1,13 @@
---
title: Change history for MDM documentation
description: This article lists new and updated articles for Mobile Device Management.
+author: aczechowski
+ms.author: aaroncz
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: dougeby
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
ms.localizationpriority: medium
ms.date: 10/19/2020
---
@@ -174,7 +174,6 @@ This article lists new and updated articles for the Mobile Device Management (MD
|New or updated article | Description|
|--- | ---|
-|[Mobile device management](index.md#mmat) | Added information about the MDM Migration Analysis Tool (MMAT).|
|[Policy CSP - DeviceGuard](policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.|
## August 2018
@@ -227,7 +226,6 @@ This article lists new and updated articles for the Mobile Device Management (MD
|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:
Settings/AllowVirtualGPU
Settings/SaveFilesToHost|
|[NetworkProxy CSP](networkproxy-csp.md)|Added the following node in Windows 10, version 1803:
ProxySettingsPerUser|
|[Accounts CSP](accounts-csp.md)|Added a new CSP in Windows 10, version 1803.|
-|[MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat)|Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.|
|[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|Added the DDF download of Windows 10, version 1803 configuration service providers.|
|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers|
diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md
index 57298ac676..3c615c5b08 100644
--- a/windows/client-management/mdm/cleanpc-csp.md
+++ b/windows/client-management/mdm/cleanpc-csp.md
@@ -13,6 +13,17 @@ manager: dansimp
# CleanPC CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Windows SE|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703.
The following shows the CleanPC configuration service provider in tree format.
diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md
index 1f2c1fa3f7..d5f5924627 100644
--- a/windows/client-management/mdm/cleanpc-ddf.md
+++ b/windows/client-management/mdm/cleanpc-ddf.md
@@ -1,7 +1,6 @@
---
title: CleanPC DDF
description: Learn about the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -34,7 +33,7 @@ The XML below is the current version for this CSP.
- Allow removal of user installed and pre-installed applications, with option to persist user data
+ Allow removal of user installed and pre-installed applications, with option to persist user data.
@@ -54,7 +53,7 @@ The XML below is the current version for this CSP.
- CleanPC operation without any retention of User data
+ CleanPC operation without any retention of User data.
@@ -75,7 +74,7 @@ The XML below is the current version for this CSP.
- CleanPC operation with retention of User data
+ CleanPC operation with retention of User data.
@@ -94,12 +93,6 @@ The XML below is the current version for this CSP.
```
-
-
-
-
-
-
-
-
+## Related topics
+[CleanPC configuration service provider](cleanpc-csp.md)
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index de295098f3..8d30b4114c 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -1,7 +1,6 @@
---
title: ClientCertificateInstall CSP
description: The ClientCertificateInstall configuration service provider (CSP) enables the enterprise to install client certificates.
-ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,18 +13,29 @@ ms.date: 07/30/2021
# ClientCertificateInstall CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|---|---|---|
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The ClientCertificateInstall configuration service provider enables the enterprise to install client certificates. A client certificate has a unique ID, which is the *\[UniqueID\]* for this configuration. Each client certificate must have different UniqueIDs for the SCEP enrollment request.
For PFX certificate installation and SCEP installation, the SyncML commands must be wrapped in atomic commands to ensure that enrollment execution isn't triggered until all settings are configured. The Enroll command must be the last item in the atomic block.
> [!Note]
-> Currently in Windows 10, version 1511, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We are working to fix this issue.
+> Currently in Windows 10, version 1511, when using the ClientCertificateInstall to install certificates to the device store and the user store, both certificates are sent to the device in the same MDM payload and the certificate intended for the device store will also get installed in the user store. This may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We are working to fix this issue.
You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail.
The following example shows the ClientCertificateInstall configuration service provider in tree format.
-```
+```console
./Vendor/MSFT
ClientCertificateInstall
----PFXCertInstall
@@ -99,7 +109,7 @@ The data type is an integer corresponding to one of the following values:
| 1 | Install to TPM if present, fail if not present. |
| 2 | Install to TPM if present. If not present, fall back to software. |
| 3 | Install to software. |
-| 4 | Install to Windows Hello for Business (formerly known as Microsoft Passport for Work) whose name is specified |
+| 4 | Install to Windows Hello for Business (formerly known as Microsoft Passport for Work) whose name is specified. |
**ClientCertificateInstall/PFXCertInstall/*UniqueID*/ContainerName**
Optional. Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name (if Windows Hello for Business storage provider (KSP) is chosen for the KeyLocation). If this node isn't specified when Windows Hello for Business KSP is chosen, enrollment will fail.
@@ -119,7 +129,7 @@ If a blob already exists, the Add operation will fail. If Replace is called on t
If Add is called on this node for a new PFX, the certificate will be added. When a certificate doesn't exist, Replace operation on this node will fail.
-In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT_DATA_BLOB, which can be found in CRYPT_INTEGER_BLOB.
+In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT_DATA_BLOB, which can be found in [CRYPT\_INTEGER\_BLOB](/previous-versions/windows/desktop/legacy/aa381414(v=vs.85)).
**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPassword**
Password that protects the PFX blob. This is required if the PFX is password protected.
@@ -133,9 +143,9 @@ Optional. Used to specify whether the PFX certificate password is encrypted with
The data type is int. Valid values:
-- 0 - Password isn't encrypted.
-- 1 - Password is encrypted with the MDM certificate.
-- 2 - Password is encrypted with custom certificate.
+- 0 - Password isn't encrypted.
+- 1 - Password is encrypted with the MDM certificate.
+- 2 - Password is encrypted with custom certificate.
When PFXCertPasswordEncryptionType =2, you must specify the store name in PFXCertPasswordEncryptionStore setting.
@@ -322,9 +332,9 @@ Data type is string.
Valid values are:
-- Days (Default)
-- Months
-- Years
+- Days (Default)
+- Months
+- Years
> [!NOTE]
> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate.
@@ -366,7 +376,7 @@ The date type format is Null, meaning this node doesn’t contain a value.
The only supported operation is Execute.
**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList**
-Optional. Specify the Azure AD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
+Optional. Specify the Azure Active Directory Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
Data type is string.
@@ -608,7 +618,7 @@ Enroll a client certificate through SCEP.
```
-Add a PFX certificate. The PFX certificate password is encrypted with a custom certificate fro "My" store.
+Add a PFX certificate. The PFX certificate password is encrypted with a custom certificate from "My" store.
```xml
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index 46bb00affa..da749c41ae 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -1,7 +1,6 @@
---
title: ClientCertificateInstall DDF file
description: Learn about the OMA DM device description framework (DDF) for the ClientCertificateInstall configuration service provider.
-ms.assetid: 7F65D045-A750-4CDE-A1CE-7D152AA060CA
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# ClientCertificateInstall DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **ClientCertificateInstall** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -107,7 +105,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha
- Required for PFX certificate installation. Indicates the KeyStorage provider to target the private key installation to. Supported operations are Get, Add
+ Required for PFX certificate installation. Indicates the KeyStorage provider to target the private key installation. Supported operations are Get, Add.
Datatype will be int
1- Install to TPM, fail if not present
2 – Install to TPM if present, if not present fallback to Software
@@ -138,8 +136,8 @@ Calling Delete on the this node, should delete the certificates and the keys tha
Optional.
Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail.
-Format is chr
-Supported operations are Get, Add, Delete and Replace
+Format is chr.
+Supported operations are Get, Add, Delete and Replace.
@@ -165,8 +163,8 @@ Supported operations are Get, Add, Delete and Replace
Required.
CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. Add on this node will trigger the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, fKeyExportable) are present before this is called. This will also set the Status node to the current Status of the operation.
-Format is Binary64
-Supported operations are Get, Add, Replace
+Format is Binary64.
+Supported operations are Get, Add, Replace.
If Add is called on this node and a blob already exists, it will fail. If Replace is called on this node, the certificates will be overwritten.
If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it does not exist, this will fail.
In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate
@@ -197,7 +195,7 @@ CRYPT_DATA_BLOB on MSDN can be found at https://msdn.microsoft.com/library/windo
Required if PFX is password protected.
Password that protects the PFX blob.
-Format is chr. Supported operations are Add, Get
+Format is chr. Supported operations are Add, Get.
@@ -228,7 +226,7 @@ If the value is
1- Password is encrypted using the MDM certificate by the MDM server
2 - Password is encrypted by a Custom Certificate by the MDM server. When this value is used here, also specify the custom store name in the PFXCertPasswordEncryptionStore node.
The datatype for this node is int.
-Supported operations are Add, Replace
+Supported operations are Add, Replace.
@@ -254,7 +252,7 @@ Supported operations are Add, Replace
trueOptional. Used to specify if the private key installed is exportable (can be exported later). The datatype for this node is bool.
-Supported operations are Add, Get
+Supported operations are Add, Get.
@@ -299,7 +297,7 @@ Supported operations are Add, Get
Returns the error code of the PFX installation from the GetLastError command called after the PfxImportCertStore. Datatype is int.
-Support operations are Get
+Support operations are Get.
@@ -374,7 +372,7 @@ Support operation are Add, Get and Replace.
Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests.
Format is node.
-Supported operations are Get, Add, Delete
+Supported operations are Get, Add, Delete.
Calling Delete on the this node, should delete the corresponding SCEP certificate
@@ -401,7 +399,7 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat
Required for SCEP certificate enrollment. Parent node to group SCEP cert install related request. Format is node. Supported operation is Add, Delete.
-NOTE: though the children nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values which are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted will impact the current undergoing enrollment. The server should check the Status node value and make sure the device is not at unknown stage before changing children node values.
+NOTE: Though the children nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values which are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted will impact the current undergoing enrollment. The server should check the Status node value and make sure the device is not at unknown stage before changing children node values.
@@ -570,7 +568,7 @@ SCEP enrolled cert doesn’t support TPM PIN protection. Supported values:
Format is int.
-Supported operations are Get, Add, Delete, Replace
+Supported operations are Get, Add, Delete, Replace.
@@ -604,7 +602,7 @@ The min value is 1.
Format is int.
-Supported operations are Get, Add, Delete noreplace
+Supported operations are Get, Add, Delete noreplace.
@@ -654,7 +652,7 @@ The min value is 0 which means no retry. Supported operations are Get, Add, Dele
- Optional. OID of certificate template name. Note that this name is typically ignored by the SCEP server, therefore the MDM server typically doesn’t need to provide it. Format is chr. Supported operations are Get, Add, Delete.noreplace
+ Optional. OID of certificate template name. Note that this name is typically ignored by the SCEP server, therefore the MDM server typically doesn’t need to provide it. Format is chr. Supported operations are Get, Add, Delete.noreplace.
@@ -819,7 +817,7 @@ NOTE: The device only sends the MDM server expected certificate validation perio
0
- Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
+ Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note that the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
Format is int.
@@ -852,9 +850,9 @@ NOTE: The device only sends the MDM server expected certificate validation perio
Optional.
Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail.
-Format is chr
+Format is chr.
-Supported operations are Get, Add, Delete and Replace
+Supported operations are Get, Add, Delete and Replace.
@@ -880,9 +878,9 @@ Supported operations are Get, Add, Delete and ReplaceOptional. Specifies the custom text to show on the NGC PIN prompt during certificate enrollment. The admin can choose to provide more contextual information for why the user needs to enter the PIN and what the certificate will be used for through this.
-Format is chr
+Format is chr.
-Supported operations are Get, Add, Delete and Replace
+Supported operations are Get, Add, Delete and Replace.
@@ -931,7 +929,7 @@ Supported operation is Exec.
- Optional. Specify the AAD Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail.
+ Optional. Specify the Azure Active Directory Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
@@ -1029,9 +1027,9 @@ Supported operation is Get.
Required. Returns the URL of the SCEP server that responded to the enrollment request.
-Format is String
+Format is String.
-Supported operation is Get
+Supported operation is Get.
@@ -1054,15 +1052,4 @@ Supported operation is Get
## Related topics
-
[ClientCertificateInstall configuration service provider](clientcertificateinstall-csp.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md
index 06562d8462..2204143dfe 100644
--- a/windows/client-management/mdm/cm-cellularentries-csp.md
+++ b/windows/client-management/mdm/cm-cellularentries-csp.md
@@ -1,7 +1,6 @@
---
title: CM\_CellularEntries CSP
description: Learn how to configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP.
-ms.assetid: f8dac9ef-b709-4b76-b6f5-34c2e6a3c847
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,17 @@ ms.date: 08/02/2017
# CM\_CellularEntries CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The CM\_CellularEntries configuration service provider is used to configure the General Packet Radio Service (GPRS) entries on the device. It defines each GSM data access point.
This configuration service provider requires the ID\_CAP\_NETWORKING\_ADMIN capability to be accessed from a network configuration application.
@@ -76,13 +86,13 @@ Optional. Type: String. Specifies the type of connection used for the APN. The f
|Cdma|Used for CDMA type connections (1XRTT + EVDO).|
|Lte|Used for LTE type connections (eHRPD + LTE) when the device is registered HOME.|
|Legacy|Used for GPRS + GSM + EDGE + UMTS connections.|
-|Lte_iwlan|Used for GPRS type connections that may be offloaded over WiFi|
-|Iwlan|Used for connections that are implemented over WiFi offload only|
+|Lte_iwlan|Used for GPRS type connections that may be offloaded over WiFi.|
+|Iwlan|Used for connections that are implemented over WiFi offload only.|
**Desc.langid**
Optional. Specifies the UI display string used by the defined language ID.
-A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as Desc.0409 with a value of "GPRS Connection" will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no Desc parameter is provisioned for a given language, the system will default to the name used to create the entry.
+A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as `Desc.0409` with a value of `"GPRS Connection"` will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no **Desc** parameter is provisioned for a given language, the system will default to the name used to create the entry.
**Enabled**
Specifies if the connection is enabled.
@@ -131,7 +141,7 @@ Optional. Type: Int. This parameter specifies the roaming conditions under which
- 5 - Roaming only.
**OEMConnectionID**
-Optional. Type: GUID. Specifies a GUID to use to identify a specific connection in the modem. If a value isn't specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices.
+Optional. Type: GUID. Specifies a GUID that is used to identify a specific connection in the modem. If a value isn't specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices.
**ApnId**
Optional. Type: Int. Specifies the purpose of the APN. If a value isn't specified, the default value is "0" (none). This parameter is only used on LTE devices.
@@ -174,7 +184,7 @@ Optional. Type: Int. Specifies how long an on-demand connection can be unused be
> If tear-down/activation requests occur too frequently, this value should be set to greater than 5 seconds.
**SimIccId**
-For single SIM phones, this parm isOptional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection.
+For single SIM phones, this parm is Optional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection.
**PurposeGroups**
Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available:
@@ -271,17 +281,7 @@ The following table shows the Microsoft custom elements that this configuration
|Characteristic-query|Yes|
|Parm-query|Yes|
-
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md
index 333377d822..94b8c15c30 100644
--- a/windows/client-management/mdm/cmpolicy-csp.md
+++ b/windows/client-management/mdm/cmpolicy-csp.md
@@ -1,7 +1,6 @@
---
title: CMPolicy CSP
description: Learn how the CMPolicy configuration service provider (CSP) is used to define rules that the Connection Manager uses to identify correct connections.
-ms.assetid: 62623915-9747-4eb1-8027-449827b85e6b
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,13 +13,22 @@ ms.date: 06/26/2017
# CMPolicy CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The CMPolicy configuration service provider defines rules that the Connection Manager uses to identify the correct connection for a connection request.
> [!NOTE]
> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
-
Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicy configuration service provider can have multiple policies
**Policy Ordering**: There's no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence.
@@ -134,7 +142,6 @@ Specifies the type of connection being referenced. The following list describes
## OMA client provisioning examples
-
Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
```xml
@@ -180,7 +187,9 @@ Adding an application-based mapping policy. In this example, the ConnectionId fo
```
-Adding a host-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
+Adding a host-based mapping policy:
+
+In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
```xml
@@ -364,7 +373,6 @@ Adding a host-based mapping policy:
## Microsoft Custom Elements
-
|Element|Available|
|--- |--- |
|parm-query|Yes|
@@ -373,7 +381,6 @@ Adding a host-based mapping policy:
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md
index e8f9de1f33..a2858ed680 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md
@@ -1,7 +1,6 @@
---
title: CMPolicyEnterprise CSP
description: Learn how the CMPolicyEnterprise CSP is used to define rules that the Connection Manager uses to identify the correct connection for a connection request.
-ms.assetid: A0BE3458-ABED-4F80-B467-F842157B94BF
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,17 @@ ms.date: 06/26/2017
# CMPolicyEnterprise CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Windows SE|No|No|
+|Business|No|No|
+|Enterprise|No|No|
+|Education|No|No|
+
The CMPolicyEnterprise configuration service provider is used by the enterprise to define rules that the Connection Manager uses to identify the correct connection for a connection request.
> [!NOTE]
@@ -21,9 +31,12 @@ The CMPolicyEnterprise configuration service provider is used by the enterprise
Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies
+Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies
+
+
**Policy Ordering**: There's no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence.
-**Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
+**Default Policies**: Policies are applied in the order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
The following shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
@@ -72,7 +85,8 @@ Specifies whether the list of connections is in preference order.
A value of "0" specifies that the connections aren't listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
**Conn***XXX*
-Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits that increment starting from "000". For example, a policy applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
+
+Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three-digits, which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
**ConnectionID**
Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter.
@@ -90,7 +104,6 @@ For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. Th
|Wi-Fi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}|
|Wi-Fi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}|
-
For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available:
@@ -133,7 +146,6 @@ Specifies the type of connection being referenced. The following list describes
## OMA client provisioning examples
-
Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
```xml
@@ -227,7 +239,6 @@ Adding a host-based mapping policy. In this example, the ConnectionId for type C
## OMA DM examples
-
Adding an application-based mapping policy:
```xml
@@ -364,7 +375,6 @@ Adding a host-based mapping policy:
## Microsoft Custom Elements
-
|Element|Available|
|--- |--- |
|parm-query|Yes|
@@ -373,7 +383,6 @@ Adding a host-based mapping policy:
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
index d0ca95bb1d..9714d6d292 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
@@ -1,7 +1,6 @@
---
title: CMPolicyEnterprise DDF file
description: Learn about the OMA DM device description framework (DDF) for the CMPolicyEnterprise configuration service provider.
-ms.assetid: 065EF07A-0CF3-4EE5-B620-3464A75B7EED
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# CMPolicyEnterprise DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **CMPolicyEnterprise** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/mdm/config-lock.md
index 26a30c88a6..a2167e456e 100644
--- a/windows/client-management/mdm/config-lock.md
+++ b/windows/client-management/mdm/config-lock.md
@@ -1,93 +1,90 @@
---
-title: Secured-Core Configuration Lock
-description: A Secured-Core PC (SCPC) feature that prevents configuration drift from Secured-Core PC features (shown below) caused by unintentional misconfiguration.
+title: Secured-core configuration lock
+description: A secured-core PC (SCPC) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration.
manager: dansimp
-keywords: mdm,management,administrator,config lock
ms.author: v-lsaldanha
ms.topic: article
ms.prod: w11
ms.technology: windows
author: lovina-saldanha
-ms.date: 03/14/2022
+ms.date: 05/24/2022
---
-# Secured-Core PC Configuration Lock
+# Secured-core PC configuration lock
**Applies to**
-- Windows 11
+- Windows 11
-In an enterprise organization, IT administrators enforce policies on their corporate devices to keep the devices in a compliant state and protect the OS by preventing users from changing configurations and creating config drift. Config drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a non-compliant state can be vulnerable until the next sync and configuration reset with the MDM. Windows 11 with Config Lock enables IT administrators to prevent config drift and keep the OS configuration in the desired state. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds.
+In an enterprise organization, IT administrators enforce policies on their corporate devices to keep the devices in a compliant state and protect the OS by preventing users from changing configurations and creating config drift. Config drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a non-compliant state can be vulnerable until the next sync and configuration reset with the MDM. Windows 11 with config lock enables IT administrators to prevent config drift and keep the OS configuration in the desired state. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds.
-Secured-Core Configuration Lock (Config Lock) is a new [Secured-Core PC (SCPC)](/windows-hardware/design/device-experiences/oem-highly-secure) feature that prevents configuration drift from Secured-Core PC features caused by unintentional misconfiguration. In short, it ensures a device intended to be a Secured-Core PC remains a Secured-Core PC.
+Secured-core configuration lock (config lock) is a new [secured-core PC (SCPC)](/windows-hardware/design/device-experiences/oem-highly-secure) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration. In short, it ensures a device intended to be a secured-core PC remains a secured-core PC.
-To summarize, Config Lock:
+To summarize, config lock:
-- Enables IT to “lock” Secured-Core PC features when managed through MDM
+- Enables IT to "lock" secured-core PC features when managed through MDM
- Detects drift remediates within seconds
-- DOES NOT prevent malicious attacks
+- Doesn't prevent malicious attacks
## Configuration Flow
-After a Secured-Core PC reaches the desktop, Config Lock will prevent configuration drift by detecting if the device is a Secured-Core PC or not. When the device isn't a Secured-Core PC, the lock won't apply. If the device is a Secured-Core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies).
+After a secured-core PC reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock won't apply. If the device is a secured-core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies).
## System Requirements
-Config Lock will be available for all Windows Professional and Enterprise Editions running on [Secured-Core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).
+Config lock will be available for all Windows Professional and Enterprise Editions running on [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).
-## Enabling Config Lock using Microsoft Intune
+## Enabling config lock using Microsoft Intune
-Config Lock isn't enabled by default (or turned on by the OS during boot). Rather, an IT Admin must intentionally turn it on.
-
-The steps to turn on Config Lock using Microsoft Endpoint Manager (Microsoft Intune) are as follows:
+Config lock isn't enabled by default, or turned on by the OS during boot. Rather, you need to turn it on.
-1. Ensure that the device to turn on Config Lock is enrolled in Microsoft Intune.
+The steps to turn on config lock using Microsoft Endpoint Manager (Microsoft Intune) are as follows:
+
+1. Ensure that the device to turn on config lock is enrolled in Microsoft Intune.
1. From the Microsoft Intune portal main page, select **Devices** > **Configuration Profiles** > **Create a profile**.
1. Select the following and press **Create**:
- **Platform**: Windows 10 and later
- **Profile type**: Templates
- **Template name**: Custom
- :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates":::
+ :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates.":::
1. Name your profile.
-1. When you reach the Configuration Settings step, select “Add” and add the following information:
+1. When you reach the Configuration Settings step, select "Add" and add the following information:
- **OMA-URI**: ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/ConfigLock/Lock
- **Data type**: Integer
- **Value**: 1
- To turn off Config Lock, change the value to 0.
+ To turn off config lock, change the value to 0.
- :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of Config Lock, a Description of Turn on Config Lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1":::
+ :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of config lock, a Description of Turn on config lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1.":::
-1. Select the devices to turn on Config Lock. If you're using a test tenant, you can select “+ Add all devices”.
+1. Select the devices to turn on config lock. If you're using a test tenant, you can select "+ Add all devices".
1. You'll not need to set any applicability rules for test purposes.
-1. Review the Configuration and select “Create” if everything is correct.
-1. After the device syncs with the Microsoft Intune server, you can confirm if the Config Lock was successfully enabled.
+1. Review the Configuration and select "Create" if everything is correct.
+1. After the device syncs with the Microsoft Intune server, you can confirm if the config lock was successfully enabled.
- :::image type="content" source="images/configlock-mem-dev.png" alt-text="The Profile assignment status dashboard when viewing the Config Lock device configuration profile, showing one device has succeeded in having this profile applied":::
+ :::image type="content" source="images/configlock-mem-dev.png" alt-text="The Profile assignment status dashboard when viewing the config lock device configuration profile, showing one device has succeeded in having this profile applied.":::
- :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="The Device Status for the Config Lock Device Configuration Profile, showing one device with a Deployment Status as Succeeded and two with Pending":::
+ :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="The Device Status for the config lock Device Configuration Profile, showing one device with a Deployment Status as Succeeded and two with Pending.":::
-## Configuring Secured-Core PC features
+## Configuring secured-core PC features
-Config Lock is designed to ensure that a Secured-Core PC isn't unintentionally misconfigured. IT Admins retain the ability to change (enable/disable) SCPC features (for example Firmware protection) via Group Policies and/or mobile device management (MDM) tools, such as Microsoft Intune.
+Config lock is designed to ensure that a secured-core PC isn't unintentionally misconfigured. You keep the ability to enable or disable SCPC features, for example, firmware protection. You can make these changes with group policies or MDM services like Microsoft Intune.
+
+:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off.":::
-:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off":::
-
## FAQ
-**Can an IT admins disable Config Lock ?**
- Yes. IT admins can use MDM to turn off Config Lock.
+- Can I disable config lock? Yes. You can use MDM to turn off config lock completely or put it in temporary unlock mode for helpdesk activities.
### List of locked policies
|**CSPs** |
|-----|
-|[BitLocker ](bitlocker-csp.md) |
+|[BitLocker](bitlocker-csp.md) |
|[PassportForWork](passportforwork-csp.md) |
|[WindowsDefenderApplicationGuard](windowsdefenderapplicationguard-csp.md) |
-|[ApplicationControl](applicationcontrol-csp.md)
-
+|[ApplicationControl](applicationcontrol-csp.md)
|**MDM policies** | **Supported by Group Policy** |
|-----|-----|
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 56bcf98029..6c7adbc949 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -1,7 +1,6 @@
---
title: Configuration service provider reference
description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device.
-ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -438,18 +437,6 @@ Additional lists:
-
-[EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md)
-
-
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-
-
-
[EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md)
@@ -544,18 +531,6 @@ Additional lists:
-
-[Messaging CSP](messaging-csp.md)
-
-
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-
-
-
[MultiSIM CSP](multisim-csp.md)
@@ -640,18 +615,6 @@ Additional lists:
-
-[Proxy CSP](proxy-csp.md)
-
-
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|Yes|Yes|Yes|Yes|Yes|
-
-
-
-
[PXLogical CSP](pxlogical-csp.md)
@@ -700,18 +663,6 @@ Additional lists:
-
-[PolicyManager CSP](policymanager-csp.md)
-
-
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-
-
-
[Provisioning CSP](provisioning-csp.md)
@@ -748,18 +699,6 @@ Additional lists:
-
-[RemoteRing CSP](remotering-csp.md)
-
-
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-|No|No|No|No|No|
-
-
-
-
[RemoteWipe CSP](remotewipe-csp.md)
@@ -857,18 +796,15 @@ Additional lists:
+
[SurfaceHub](surfacehub-csp.md)
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-||||||
-
+
[TenantLockdown CSP](tenantlockdown-csp.md)
@@ -953,18 +889,16 @@ Additional lists:
+
[W4 Application CSP](w4-application-csp.md)
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-||||||
-
+
+
[WiFi CSP](wifi-csp.md)
@@ -1019,7 +953,7 @@ Additional lists:
|Home|Pro|Business|Enterprise|Education|
|--- |--- |--- |--- |--- |
-|No|Yes|Yes|Yes|Yes|
+|No|No|No|Yes|Yes|
@@ -1049,18 +983,15 @@ Additional lists:
+
[w7 Application CSP](w7-application-csp.md)
-
-|Home|Pro|Business|Enterprise|Education|
-|--- |--- |--- |--- |--- |
-||||||
-
+
@@ -1078,7 +1009,6 @@ You can download the DDF files for various CSPs from the links below:
## CSPs supported in HoloLens devices
-
The following list shows the CSPs supported in HoloLens devices:
| Configuration service provider | HoloLens (1st gen) Development Edition | HoloLens (1st gen) Commercial Suite | HoloLens 2 |
@@ -1163,7 +1093,6 @@ The following list shows the CSPs supported in HoloLens devices:
- [DiagnosticLog CSP](diagnosticlog-csp.md)
- [DMAcc CSP](dmacc-csp.md)
- [DMClient CSP](dmclient-csp.md)
-- [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md)
- [HealthAttestation CSP](healthattestation-csp.md)
- [NetworkProxy CSP](networkproxy-csp.md)
- [Policy CSP](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md
index 1a0f77c9ed..de2896f574 100644
--- a/windows/client-management/mdm/customdeviceui-csp.md
+++ b/windows/client-management/mdm/customdeviceui-csp.md
@@ -1,7 +1,6 @@
---
title: CustomDeviceUI CSP
description: Learn how the CustomDeviceUI configuration service provider (CSP) allows OEMs to implement their custom foreground application.
-ms.assetid: 20ED1867-7B9E-4455-B397-53B8B15C95A3
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -42,7 +41,6 @@ Package Full Name of the application that needs to be launched in the background
## SyncML examples
-
**Set StartupAppID**
```xml
diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md
index 40621f8a86..0433c22507 100644
--- a/windows/client-management/mdm/customdeviceui-ddf.md
+++ b/windows/client-management/mdm/customdeviceui-ddf.md
@@ -1,7 +1,6 @@
---
title: CustomDeviceUI DDF
description: Learn about the OMA DM device description framework (DDF) for the CustomDeviceUI configuration service provider.
-ms.assetid: E6D6B902-C57C-48A6-9654-CCBA3898455E
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# CustomDeviceUI DDF
-
This topic shows the OMA DM device description framework (DDF) for the **CustomDeviceUI** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md
index 4621e9a56d..138c6d80c8 100644
--- a/windows/client-management/mdm/data-structures-windows-store-for-business.md
+++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md
@@ -4,7 +4,6 @@ description: Learn about the various data structures for Microsoft Store for Bus
MS-HAID:
- 'p\_phdevicemgmt.business\_store\_data\_structures'
- 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business'
-ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 22ee682cf2..6a6904fd19 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -1,7 +1,6 @@
---
title: Defender CSP
description: Learn how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
-ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -15,6 +14,15 @@ ms.date: 02/22/2022
# Defender CSP
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
@@ -355,7 +363,7 @@ Network Protection inspects DNS traffic that occurs over a UDP channel, to provi
**EnableNetworkProtection/DisableHttpParsing**
-Network Protection inspects HTTP traffic to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. HTTP connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true".
+Network Protection inspects HTTP traffic to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. HTTP connections to malicious websites can also be blocked if Enable Network Protection is set to enabled. HTTP inspection can be disabled by setting this value to "$true".
- Type: Boolean
- Position: Named
@@ -365,7 +373,7 @@ Network Protection inspects HTTP traffic to see if a connection is being made to
**EnableNetworkProtection/DisableRdpParsing**
-Network Protection inspects RDP traffic so that it can block connections from known malicious hosts if -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. RDP inspection can be disabled by setting this value to "$true".
+Network Protection inspects RDP traffic so that it can block connections from known malicious hosts if Enable Network Protection is set to be enabled, and to provide metadata to behavior monitoring. RDP inspection can be disabled by setting this value to "$true".
- Type: Boolean
- Position: Named
@@ -375,7 +383,7 @@ Network Protection inspects RDP traffic so that it can block connections from kn
**EnableNetworkProtection/DisableSshParsing**
-Network Protection inspects SSH traffic, so that it can block connections from known malicious hosts. If -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. SSH inspection can be disabled by setting this value to "$true".
+Network Protection inspects SSH traffic, so that it can block connections from known malicious hosts. If Enable Network Protection is set to be enabled, and to provide metadata to behavior monitoring. SSH inspection can be disabled by setting this value to "$true".
- Type: Boolean
- Position: Named
@@ -385,7 +393,7 @@ Network Protection inspects SSH traffic, so that it can block connections from k
**EnableNetworkProtection/DisableTlsParsing**
-Network Protection inspects TLS traffic (also known as HTTPS traffic) to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. TLS connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true".
+Network Protection inspects TLS traffic (also known as HTTPS traffic) to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. TLS connections to malicious websites can also be blocked if Enable Network Protection is set to enabled. HTTP inspection can be disabled by setting this value to "$true".
- Type: Boolean
- Position: Named
@@ -594,11 +602,13 @@ An interior node to group Windows Defender configuration information.
Supported operation is Get.
**Configuration/TamperProtection**
+
Tamper protection helps protect important security features from unwanted changes and interference. This protection includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions.
+
Send off blob to device to reset the tamper protection state before setting this configuration to "not configured" or "unassigned" in Intune.
-The data type is a Signed blob.
+The data type is a Signed BLOB.
Supported operations are Add, Delete, Get, Replace.
@@ -610,7 +620,7 @@ Intune tamper protection setting UX supports three states:
When enabled or disabled exists on the client and admin moves the setting to not configured, it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
**Configuration/DisableLocalAdminMerge**
-This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusions.
+This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusion list.
If you disable or don't configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. If conflicts occur, management settings will override preference settings.
@@ -630,6 +640,7 @@ Valid values are:
- 0 (default) – Disable.
**Configuration/HideExclusionsFromLocalAdmins**
+
This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that aren't Local Admins) exclusions aren't visible, whether or not this setting is enabled.
If you disable or don't configure this setting, Local Admins will be able to see exclusions in the Windows Security App, in the registry, and via PowerShell.
@@ -639,22 +650,23 @@ If you enable this setting, Local Admins will no longer be able to see the exclu
> [!NOTE]
> Applying this setting won't remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**.
-Supported OS versions: Windows 10
+Supported OS versions: Windows 10
The data type is integer.
-Supported operations are Add, Delete, Get, Replace.
+Supported operations are Add, Delete, Get, and Replace.
Valid values are:
- 1 – Enable.
- 0 (default) – Disable.
**Configuration/DisableCpuThrottleOnIdleScans**
+
Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and won't throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans, this flag will have no impact and normal throttling will occur.
The data type is integer.
-Supported operations are Add, Delete, Get, Replace.
+Supported operations are Add, Delete, Get, and Replace.
Valid values are:
- 1 (default) – Enable.
@@ -665,7 +677,7 @@ Allow managed devices to update through metered connections. Data charges may ap
The data type is integer.
-Supported operations are Add, Delete, Get, Replace.
+Supported operations are Add, Delete, Get, and Replace.
Valid values are:
- 1 – Enable.
@@ -676,7 +688,7 @@ This settings controls whether Network Protection is allowed to be configured in
The data type is integer.
-Supported operations are Add, Delete, Get, Replace.
+Supported operations are Add, Delete, Get, and Replace.
Valid values are:
- 1 – Enable.
@@ -687,7 +699,7 @@ Allows an administrator to explicitly disable network packet inspection made by
The data type is string.
-Supported operations are Add, Delete, Get, Replace.
+Supported operations are Add, Delete, Get, and Replace.
**Configuration/EnableFileHashComputation**
Enables or disables file hash computation feature.
@@ -695,7 +707,7 @@ When this feature is enabled, Windows Defender will compute hashes for files it
The data type is integer.
-Supported operations are Add, Delete, Get, Replace.
+Supported operations are Add, Delete, Get, and Replace.
Valid values are:
- 1 – Enable.
@@ -706,7 +718,7 @@ The support log location setting allows the administrator to specify where the M
Data type is string.
-Supported operations are Add, Delete, Get, Replace.
+Supported operations are Add, Delete, Get, and Replace.
Intune Support log location setting UX supports three states:
@@ -714,7 +726,7 @@ Intune Support log location setting UX supports three states:
- 1 - Enabled. Enables the Support log location feature. Requires admin to set custom file path.
- 0 - Disabled. Turns off the Support log location feature.
-When enabled or disabled exists on the client and admin moves the setting to be configured not , it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
+When enabled or disabled exists on the client and admin moves the setting to not configured, it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
More details:
@@ -738,7 +750,7 @@ If you disable or don't configure this policy, the device will stay up to date a
The data type is integer.
-Supported operations are Add, Delete, Get, Replace.
+Supported operations are Add, Delete, Get, and Replace.
Valid values are:
- 0: Not configured (Default)
@@ -771,7 +783,7 @@ If you disable or don't configure this policy, the device will stay up to date a
The data type is integer.
-Supported operations are Add, Delete, Get, Replace.
+Supported operations are Add, Delete, Get, and Replace.
Valid values are:
- 0: Not configured (Default)
@@ -796,7 +808,7 @@ Current Channel (Broad): Devices will be offered updates only after the gradual
If you disable or don't configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices.
The data type is integer.
-Supported operations are Add, Delete, Get, Replace.
+Supported operations are Add, Delete, Get, and Replace.
Valid Values are:
- 0: Not configured (Default)
@@ -819,7 +831,7 @@ If you disable or don't configure this policy, the device will remain in Current
The data type is integer.
-Supported operations are Add, Delete, Get, Replace.
+Supported operations are Add, Delete, Get, and Replace.
Valid values are:
- 1 – Enabled.
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index fe6514f5c2..9bf6463258 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -1,7 +1,6 @@
---
title: Defender DDF file
description: Learn how the OMA DM device description framework (DDF) for the Defender configuration service provider is used.
-ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 7a1c219d01..23a246c454 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -1,7 +1,6 @@
---
title: DevDetail CSP
description: Learn how the DevDetail configuration service provider handles the management object. This CSP provides device-specific parameters to the OMA DM server.
-ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 03/27/2020
# DevDetail CSP
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
The DevDetail configuration service provider handles the management object that provides device-specific parameters to the OMA DM server. These device parameters can be queried by servers using OMA DM commands. They aren't sent from the client to the server automatically.
> [!NOTE]
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index 29a697c6d8..e1d79c9308 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -1,7 +1,6 @@
---
title: DevDetail DDF file
description: Learn about the OMA DM device description framework (DDF) for the DevDetail configuration service provider.
-ms.assetid: 645fc2b5-2d2c-43b1-9058-26bedbe9f00d
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md
index b27c178d3c..244e26d627 100644
--- a/windows/client-management/mdm/developersetup-csp.md
+++ b/windows/client-management/mdm/developersetup-csp.md
@@ -1,7 +1,6 @@
---
title: DeveloperSetup CSP
description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the Windows 10, version 1703.
-ms.assetid:
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md
index 13d4a19b6a..4d959b186f 100644
--- a/windows/client-management/mdm/developersetup-ddf.md
+++ b/windows/client-management/mdm/developersetup-ddf.md
@@ -1,7 +1,6 @@
---
title: DeveloperSetup DDF file
description: This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703.
-ms.assetid:
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md
index 22f1b88991..030e89915c 100644
--- a/windows/client-management/mdm/device-update-management.md
+++ b/windows/client-management/mdm/device-update-management.md
@@ -1,10 +1,8 @@
---
title: Mobile device management MDM for device updates
description: Windows 10 provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management.
-ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777
ms.reviewer:
manager: dansimp
-keywords: mdm,management,administrator
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -14,7 +12,6 @@ ms.date: 11/15/2017
ms.collection: highpri
---
-
# Mobile device management (MDM) for device updates
>[!TIP]
@@ -861,7 +858,7 @@ Here's the list of corresponding Group Policy settings in HKLM\\Software\\Polici
|DeferFeatureUpdates|REG_DWORD|1: defer feature updates
Other value or absent: don’t defer feature updates|
|DeferFeatureUpdatesPeriodInDays|REG_DWORD|0-180: days to defer feature updates|
|PauseFeatureUpdates|REG_DWORD|1: pause feature updates
Other value or absent: don’t pause feature updates|
-|ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude WU drivers
Other value or absent: offer WU drivers|
+|ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude Windows Update drivers
Other value or absent: offer Windows Update drivers|
Here's the list of older policies that are still supported for backward compatibility. You can use these older policies for Windows 10, version 1511 devices.
diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md
index f0d67e6950..2ee9b7eb60 100644
--- a/windows/client-management/mdm/devicelock-csp.md
+++ b/windows/client-management/mdm/devicelock-csp.md
@@ -1,7 +1,6 @@
---
title: DeviceLock CSP
description: Learn how the DeviceLock configuration service provider (CSP) is used by the enterprise management server to configure device lock related policies.
-ms.assetid: 9a547efb-738e-4677-95d3-5506d350d8ab
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md
index c396396f46..75ec208587 100644
--- a/windows/client-management/mdm/devicelock-ddf-file.md
+++ b/windows/client-management/mdm/devicelock-ddf-file.md
@@ -1,7 +1,6 @@
---
title: DeviceLock DDF file
description: Learn about the OMA DM device description framework (DDF) for the DeviceLock configuration service provider (CSP).
-ms.assetid: 46a691b9-6350-4987-bfc7-f8b1eece3ad9
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index a932bc0ed7..355ebdc632 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -1,7 +1,6 @@
---
title: DeviceManageability CSP
description: Learn how the DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device.
-ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index ca69075d3a..f57ca0aef2 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -1,7 +1,6 @@
---
title: DeviceManageability DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607.
-ms.assetid: D7FA8D51-95ED-40D2-AA84-DCC4BBC393AB
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 3f04f4495f..e804c7d30b 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -1,7 +1,6 @@
---
title: DeviceStatus CSP
description: Learn how the DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise.
-ms.assetid: 039B2010-9290-4A6E-B77B-B2469B482360
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index 4b820066f6..5327b89015 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -1,7 +1,6 @@
---
title: DeviceStatus DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid: 780DC6B4-48A5-4F74-9F2E-6E0D88902A45
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 03/12/2018
# DeviceStatus DDF
-
This topic shows the OMA DM device description framework (DDF) for the **DeviceStatus** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md
index e5dc49d8ee..c8403f3163 100644
--- a/windows/client-management/mdm/devinfo-csp.md
+++ b/windows/client-management/mdm/devinfo-csp.md
@@ -1,7 +1,6 @@
---
title: DevInfo CSP
description: Learn how the DevInfo configuration service provider handles the managed object that provides device information to the OMA DM server.
-ms.assetid: d3eb70db-1ce9-4c72-a13d-651137c1713c
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index 3cf4154682..9d99d2d67b 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -1,7 +1,6 @@
---
title: DevInfo DDF file
description: Learn about the OMA DM device description framework (DDF) for the DevInfo configuration service provider (CSP).
-ms.assetid: beb07cc6-4133-4c0f-aa05-64db2b4a004f
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# DevInfo DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **DevInfo** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
index 057030f5f3..ea79a37fdb 100644
--- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
@@ -1,7 +1,6 @@
---
title: Diagnose MDM failures in Windows 10
description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server.
-ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 6476b2d5e2..cdf8c2917d 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -1,7 +1,6 @@
---
title: DiagnosticLog CSP
description: Learn about the feature areas of the DiagnosticLog configuration service provider (CSP), including the DiagnosticLog area and Policy area.
-ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index 0f25053a37..38cf705e56 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -1,7 +1,6 @@
---
title: DiagnosticLog DDF
description: Learn about the the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP).
-ms.assetid: 9DD75EDA-5913-45B4-9BED-20E30CDEBE16
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# DiagnosticLog DDF
-
This topic shows the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
index f3e3c24cf9..b3582457ad 100644
--- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
+++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
@@ -4,7 +4,6 @@ description: Disconnecting is initiated either locally by the user using a phone
MS-HAID:
- 'p\_phdevicemgmt.disconnecting\_from\_the\_management\_infrastructure\_\_unenrollment\_'
- 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment'
-ms.assetid: 33B2B248-631B-451F-B534-5DA095C4C8E8
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -15,7 +14,6 @@ author: dansimp
ms.date: 06/26/2017
---
-
# Disconnecting from the management infrastructure (unenrollment)
The Disconnecting process is done either locally by the user who uses a phone or remotely by the IT administrator using management server. The user-initiated disconnection process is similar to the initial connection, wherein its initiation is from the same location in the Setting Control Panel as creating the workplace account.
@@ -125,7 +123,7 @@ When the server initiates disconnection, all undergoing sessions for the enrollm
## Unenrollment from Work Access settings page
-If the user is enrolled into MDM using an Azure Active Directory (AAD Join or by adding a Microsoft work account), the MDM account will show up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the AAD association to the device.
+If the user is enrolled into MDM using an Azure Active Directory (AAD Join or by adding a Microsoft work account), the MDM account will show up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the Azure AD association to the device.
You can only use the Work Access page to unenroll under the following conditions:
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index 50fd9dfd0d..9938c6c5dc 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -1,7 +1,6 @@
---
title: DMAcc CSP
description: Learn how the DMAcc configuration service provider (CSP) allows an OMA Device Management (DM) version 1.2 server to handle OMA DM account objects.
-ms.assetid: 43e73d8a-6617-44e7-8459-5c96f4422e63
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 2d1d256133..b967d91e87 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -1,7 +1,6 @@
---
title: DMAcc DDF file
description: Learn about the OMA DM device description framework (DDF) for the DMAcc configuration service provider (CSP).
-ms.assetid: 44dc99aa-2a85-498b-8f52-a81863765606
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# DMAcc DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **DMAcc** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index 80655c5989..165584ee19 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -1,7 +1,6 @@
---
title: DMClient CSP
description: Understand how the DMClient configuration service provider (CSP) is used to specify enterprise-specific mobile device management (MDM) configuration settings.
-ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -50,6 +50,8 @@ DMClient
------------Unenroll
------------AADResourceID
------------AADDeviceID
+------------AADSendDeviceToken
+------------ForceAadToken
------------EnrollmentType
------------EnableOmaDmKeepAliveMessage
------------HWDevID
@@ -72,6 +74,21 @@ DMClient
----------------NumberOfRemainingScheduledRetries
----------------PollOnLogin
----------------AllUsersPollOnFirstLogin
+------------LinkedEnrollment
+----------------Priority
+----------------Enroll
+----------------Unenroll
+----------------EnrollStatus
+----------------LastError
+------------Recovery
+----------------AllowRecovery
+----------------RecoveryStatus
+----------------InitiateRecovery
+------------MultipleSession
+----------------NumAllowedConcurrentUserSessionForBackgroundSync
+----------------NumAllowedConcurrentUserSessionAtUserLogonSync
+----------------IntervalForScheduledRetriesForUserSession
+----------------NumberOfScheduledRetriesForUserSession
----Unenroll
----UpdateManagementServiceAddress
```
@@ -325,6 +342,11 @@ Supported operations are Add, Delete, Get, and Replace.
Value type is bool.
+**Provider/*ProviderID*/ForceAadToken**
+The value type is integer/enum.
+
+The value is "1" and it means client should always send Azure Active Directory device token during check-in/sync.
+
**Provider/*ProviderID*/Poll**
Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated.
@@ -443,6 +465,117 @@ Optional. Boolean value that allows the IT admin to require the device to start
Supported operations are Add, Get, and Replace.
+**Provider/*ProviderID*/LinkedEnrollment/Priority**
+This node is an integer, value is "0" or "1".
+
+Default is 1, meaning the MDM enrollment is the “winning” authority for conflicting policies/resources. Value 1 means MMP-C enrollment is the “winning” one.
+Support operations are Get and Set.
+
+**Provider/*ProviderID*/LinkedEnrollment/Enroll**
+This is an execution node and will trigger a silent MMP-C enrollment, using the Azure Active Directory device token pulled from the Azure AD-joined device. There is no user interaction needed.
+
+Support operation is Exec.
+
+**Provider/*ProviderID*/LinkedEnrollment/Unenroll**
+This is an execution node and will trigger a silent MMP-C unenroll, there is no user interaction needed. On un-enrollment, all the settings/resources set by MMPC will be rolled back(rollback details will be covered later).
+
+Support operation is Exec.
+
+**Provider/*ProviderID*/LinkedEnrollment/EnrollStatus**
+
+This node can be used to check both enroll and unenroll statuses.
+This will return the enroll action status and is defined as a enum class LinkedEnrollmentStatus. The values are aas follows:
+
+- Undefined = 0
+- EnrollmentNotStarted = 1
+- InProgress = 2
+- Failed = 3
+- Succeeded = 4
+- UnEnrollmentQueued = 5
+- UnEnrollmentSucceeded = 8
+
+Support operation is Get only.
+
+**Provider/*ProviderID*/LinkedEnrollment/LastError**
+
+This specifies the Hresult to report the enrollment/unenroll results.
+
+**Provider/*ProviderID*/Recovery/AllowRecovery**
+
+This node determines whether or not the client will automatically initiate a MDM Recovery operation when it detects issues with the MDM certificate.
+
+Supported operations are Get, Add, Replace and Delete.
+
+The supported values for this node are 1-true (allow) and 0-false(not allow). Default value is 0.
+
+**Provider/*ProviderID*/Recovery/RecoveryStatus**
+
+This node tracks the status of a Recovery request from the InitiateRecovery node. The values are as follows:
+
+0 - No Recovery request has been processed.
+1 - Recovery is in Process.
+2 - Recovery has finished successfully.
+3 - Recovery has failed to start because TPM is not available.
+4 - Recovery has failed to start because Azure Active Directory keys are not protected by the TPM.
+5 - Recovery has failed to start because the MDM keys are already protected by the TPM.
+6 - Recovery has failed to start because the TPM is not ready for attestation.
+7 - Recovery has failed because the client cannot authenticate to the server.
+8 - Recovery has failed because the server has rejected the client's request.
+
+Supported operation is Get only.
+
+**Provider/*ProviderID*/Recovery/InitiateRecovery**
+
+This node initiates an MDM Recovery operation on the client.
+
+If initiated with argument 0, it triggers MDM Recovery, no matter the state of the device.
+
+If initiated with argument 1, it triggers only if the MDM certificate’s private key isn’t already protected by the TPM, if there is a TPM to put the private key into, and if the TPM is ready for attestation.
+
+Supported operation is Exec only.
+
+**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionForBackgroundSync**
+
+Optional. This node specifies maximum number of concurrent user sync sessions in background.
+
+The default value is dynamically decided by the client based on CPU usage.
+
+The values are : 0= none, 1= sequential, anything else= parallel.
+
+Supported operations are Get, Add, Replace and Delete.
+
+Value type is integer. Only applicable for Windows Enterprise multi-session.
+
+
+**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionAtUserLogonSync**
+Optional. This node specifies maximum number of concurrent user sync sessions at User Login.
+
+The default value is dynamically decided by the client based on CPU usage.
+
+The values are : 0= none, 1= sequential, anything else= parallel.
+
+Supported operations are Get, Add, Replace and Delete.
+
+Value type is integer. Only applicable for Windows Enterprise multi-session.
+
+**Provider/*ProviderID*/MultipleSession/IntervalForScheduledRetriesForUserSession**
+Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in `//Poll/NumberOfScheduledRetriesForUserSession`.
+
+If IntervalForScheduledRetriesForUserSession is not set, then the default value is used. The default value is 0. If the value is set to 0, this schedule is disabled.
+
+This configuration is only applicable for Windows Multi-session Editions.
+
+Supported operations are Get and Replace.
+
+**Provider/*ProviderID*/MultipleSession/NumberOfScheduledRetriesForUserSession**
+Optional. This node specifies the number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server.
+
+If the value is set to 0 and the IntervalForScheduledRetriesForUserSession value is not 0, then the schedule will be set to repeat an infinite number of times.
+
+The default value is 0. This configuration is only applicable for Windows Multi-session Editions.
+
+Supported operations are Get and Replace.
+
**Provider/*ProviderID*/ConfigLock**
Optional. This node enables [Config Lock](config-lock.md) feature. If enabled, policies defined in the Config Lock document will be monitored and quickly remediated when a configuration drift is detected.
@@ -496,7 +629,7 @@ The status error mapping is listed below.
|--- |--- |
|0|Success|
|1|Failure: invalid PFN|
-|2|Failure: invalid or expired device authentication with MSA|
+|2|Failure: invalid or expired device authentication with Microsoft account|
|3|Failure: WNS client registration failed due to an invalid or revoked PFN|
|4|Failure: no Channel URI assigned|
|5|Failure: Channel URI has expired|
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index 9121cdc2b4..ca0753b5bc 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -1,7 +1,6 @@
---
title: DMClient DDF file
description: Learn about the OMA DM device description framework (DDF) for the DMClient configuration service provider (CSP).
-ms.assetid: A21B33AF-DB76-4059-8170-FADF2CB898A0
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -981,7 +980,7 @@ The XML below is for Windows 10, version 1803.
- Send the device AAD token, if the user one can't be returned
+ Send the device Azure Active Directory token, if the user one can't be returned
@@ -1661,7 +1660,7 @@ The XML below is for Windows 10, version 1803.
0
- Device Only. This node determines whether or not the MDM progress page is blocking in the AADJ or DJ++ case, as well as which remediation options are available.
+ Device Only. This node determines whether or not the MDM progress page is blocking in the Azure Active Directory-joined or DJ++ case, as well as which remediation options are available.
@@ -1740,7 +1739,7 @@ The XML below is for Windows 10, version 1803.
true
- Device only. This node decides wheter or not the MDM device progress page skips after AADJ or Hybrid AADJ in OOBE.
+ Device only. This node decides whether or not the MDM device progress page skips after Azure Active Directory-joined or Hybrid Azure AD-joined in OOBE.
@@ -1766,7 +1765,7 @@ The XML below is for Windows 10, version 1803.
false
- Device only. This node decides wheter or not the MDM user progress page skips after AADJ or DJ++ after user login.
+ Device only. This node decides wheter or not the MDM user progress page skips after Azure Active Directory-joined or DJ++ after user login.
diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
index 67d29f0ce3..27091ecd80 100644
--- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
+++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
@@ -2,10 +2,8 @@
title: DMProcessConfigXMLFiltered function
description: Learn how the DMProcessConfigXMLFiltered function configures phone settings by using OMA Client Provisioning XML.
Search.Refinement.TopicID: 184
-ms.assetid: 31D79901-6206-454C-AE78-9B85A3B3487F
ms.reviewer:
manager: dansimp
-keywords: ["DMProcessConfigXMLFiltered function"]
topic_type:
- apiref
api_name:
diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md
index 438ec54bdd..8a95673243 100644
--- a/windows/client-management/mdm/dmsessionactions-csp.md
+++ b/windows/client-management/mdm/dmsessionactions-csp.md
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md
index bb204af81d..ce38bf29cd 100644
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md
index 5bf20a535b..0bb1c75f3e 100644
--- a/windows/client-management/mdm/dynamicmanagement-ddf.md
+++ b/windows/client-management/mdm/dynamicmanagement-ddf.md
@@ -1,7 +1,6 @@
---
title: DynamicManagement DDF file
description: Learn about the OMA DM device description framework (DDF) for the DynamicManagement configuration service provider (CSP).
-ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index 9f9d1ab88c..6eff7f2a44 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -1,7 +1,6 @@
---
title: EAP configuration
description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows 10.
-ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,12 +13,10 @@ ms.date: 06/26/2017
# EAP configuration
-
This article provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including information about EAP certificate filtering in Windows 10.
## Create an EAP configuration XML for a VPN profile
-
To get the EAP configuration from your desktop using the rasphone tool that is shipped in the box:
1. Run rasphone.exe.
@@ -107,15 +104,13 @@ To get the EAP configuration from your desktop using the rasphone tool that is s
```
> [!NOTE]
- > You should check with mobile device management (MDM) vendor if you need to pass this XML in escaped format. The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
- - C:\\Windows\\schemas\\EAPHost
- - C:\\Windows\\schemas\\EAPMethods
+ > You should check with Mobile Device Management (MDM) vendor, if you need to pass this XML in escaped format. The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
+ > - C:\\Windows\\schemas\\EAPHost
+ > - C:\\Windows\\schemas\\EAPMethods
-
## EAP certificate filtering
-
In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned doesn't have a strict filtering criteria, you might see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria so that it matches only one certificate.
Enterprises deploying certificate-based EAP authentication for VPN and Wi-Fi can encounter a situation where there are multiple certificates that meet the default criteria for authentication. This situation can lead to issues such as:
@@ -123,18 +118,18 @@ Enterprises deploying certificate-based EAP authentication for VPN and Wi-Fi can
- The user might be prompted to select the certificate.
- The wrong certificate might be auto-selected and cause an authentication failure.
-A production ready deployment must have the appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP configuration XML such that the extraneous certificates are filtered out and the appropriate certificate can be used for the authentication.
+A production ready deployment must have appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP configuration XML such that the extraneous certificates are filtered out and appropriate certificate can be used for the authentication.
-EAP XML must be updated with relevant information for your environment. This task can be done manually by editing the following XML sample, or by using the step-by-step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
+EAP XML must be updated with relevant information for your environment. This task can be done manually by editing the following XML sample or by using the step-by-step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
-- For Wi-Fi, look for the `` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags you'll find the complete EAP configuration. Replace the section under `` with your updated XML and update your Wi-Fi profile. You can refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
+- For Wi-Fi, look for the `` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags, you'll find the complete EAP configuration. Replace the section under `` with your updated XML and update your Wi-Fi profile. You can refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
- For VPN, EAP configuration is a separate field in the MDM configuration. Work with your MDM provider to identify and update the appropriate field.
For information about EAP settings, see .
For information about generating an EAP XML, see the EAP configuration article.
-For more information about extended key usage (EKU), see .
+For more information about extended key usage (EKU), see .
For information about adding EKU to a certificate, see .
@@ -142,9 +137,9 @@ The following list describes the prerequisites for a certificate to be used with
- The certificate must have at least one of the following EKU properties:
- - Client Authentication. As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2.
- - Any Purpose. This property is an EKU-defined one and is published by Microsoft, and is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering.
- - All Purpose. As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes.
+ - Client Authentication: As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2.
+ - Any Purpose: This property is an EKU-defined one and is published by Microsoft. It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering.
+ - All Purpose: As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes.
- The user or the computer certificate on the client must chain to a trusted root CA.
- The user or the computer certificate doesn't fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
@@ -157,7 +152,6 @@ The following XML sample explains the properties for the EAP TLS XML, including
> For PEAP or TTLS profiles, the EAP TLS XML is embedded within some PEAP-specific or TTLS-specific elements.
-
```xml
@@ -261,7 +255,6 @@ The following XML sample explains the properties for the EAP TLS XML, including
> The EAP TLS XSD is located at %systemdrive%\\Windows\\schemas\\EAPMethods\\eaptlsconnectionpropertiesv3.xsd.
-
Alternatively, you can use the following procedure to create an EAP configuration XML:
1. Follow steps 1 through 7 in the EAP configuration article.
@@ -290,8 +283,7 @@ Alternatively, you can use the following procedure to create an EAP configuratio
> [!NOTE]
> You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)) article.
-
-
+## Related topics
-
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md
index dab6f05a0e..2c03c1146b 100644
--- a/windows/client-management/mdm/email2-csp.md
+++ b/windows/client-management/mdm/email2-csp.md
@@ -1,7 +1,6 @@
---
title: EMAIL2 CSP
description: Learn how the EMAIL2 configuration service provider (CSP) is used to configure Simple Mail Transfer Protocol (SMTP) email accounts.
-ms.assetid: bcfc9d98-bc2e-42c6-9b81-0b5bf65ce2b8
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index 11c6ba0946..7e3c271fc3 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -1,7 +1,6 @@
---
title: EMAIL2 DDF file
description: Learn how the OMA DM device description framework (DDF) for the EMAIL2 configuration service provider (CSP).
-ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# EMAIL2 DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **EMAIL2** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 767c141d9a..8076b0a504 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -127,7 +127,7 @@ Requirements:
> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. The default behavior for older releases is to revert to **User Credential**.
> **Device Credential** is only supported for Microsoft Intune enrollment in scenarios with Co-management or Azure Virtual Desktop because the Intune subscription is user centric.
- When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from AAD."
+ When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from Azure Active Directory."
To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
@@ -270,7 +270,7 @@ To collect Event Viewer logs:
> This task isn't visible to standard users, run Scheduled Tasks with administrative credentials to find the task.
This task runs every 5 minutes for the duration of one day. To confirm if the task succeeded, check the task scheduler event logs:
- **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107.
+ **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from Azure Active Directory is triggered by event ID 107.
:::image type="content" alt-text="Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png":::
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md
index 6cf9e1ad93..d345f06255 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md
@@ -11,14 +11,24 @@ ms.date: 05/21/2019
# EnrollmentStatusTracking CSP
-During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device usage until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar, to configure ESP for blocking the device usage until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](/windows/deployment/windows-autopilot/enrollment-status).
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar to configure ESP for blocking the device use until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](/windows/deployment/windows-autopilot/enrollment-status).
ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track the installation of different apps. The EnrollmentStatusTracking CSP tracks Win32 apps installations and DMClient CSP tracks MSI and Universal Windows Platform apps installations. In DMClient CSP, the **FirstSyncStatus/ExpectedMSIAppPackages** and **FirstSyncStatus/ExpectedModernAppPackages** nodes list the apps to track their installation. For more information, see [DMClient CSP](dmclient-csp.md).
The EnrollmentStatusTracking CSP was added in Windows 10, version 1903.
-
-The following example shows the EnrollmentStatusTracking CSP in tree format.
+The following shows the EnrollmentStatusTracking CSP in tree format.
```
./User/Vendor/MSFT
EnrollmentStatusTracking
@@ -59,6 +69,7 @@ EnrollmentStatusTracking
------------------------RebootRequired
--------HasProvisioningCompleted
```
+
**./Vendor/MSFT**
For device context, use **./Device/Vendor/MSFT** path and for user context, use **./User/Vendor/MSFT** path.
@@ -93,10 +104,11 @@ Communicates the policy provider installation state back to ESP.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
Value type is integer. Expected values are as follows:
-- 1 — NotInstalled
-- 2 — NotRequired
-- 3 — Completed
-- 4 — Error
+
+- 1—NotInstalled
+- 2—NotRequired
+- 3—Completed
+- 4—Error
**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/LastError**
Required. This node is supported only in device context.
@@ -127,8 +139,9 @@ This node specifies if the policy provider is registered for app provisioning.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
Value type is boolean. Expected values are as follows:
-- false — Indicates that the policy provider is not registered for app provisioning. This is the default.
-- true — Indicates that the policy provider is registered for app provisioning.
+
+- false—Indicates that the policy provider isn't registered for app provisioning. This is the default.
+- true—Indicates that the policy provider is registered for app provisioning.
**EnrollmentStatusTracking/Setup**
Required. This node is supported in both user context and device context.
@@ -150,7 +163,7 @@ Scope is permanent. Supported operation is Get.
**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**/***ProviderName***
Optional. This node is supported in both user context and device context.
-Represents an app policy provider for the ESP. Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true.
+Represents an app policy provider for the ESP. Existence of this node indicates to the ESP that it shouldn't show the tracking status message until the TrackingPoliciesCreated node has been set to true.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
@@ -161,8 +174,9 @@ Indicates if the provider has created the required policies for the ESP to use f
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
Value type is boolean. The expected values are as follows:
-- true — Indicates that the provider has created the required policies.
-- false — Indicates that the provider has not created the required policies. This is the default.
+
+- true—Indicates that the provider has created the required policies.
+- false—Indicates that the provider hasn't created the required policies. This is the default.
**EnrollmentStatusTracking/Setup/Apps/Tracking**
Required. This node is supported in both user context and device context.
@@ -178,7 +192,7 @@ Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/_AppName_**
Optional. This node is supported in both user context and device context.
-Represents a unique name for the app whose progress should be tracked by the ESP. The policy provider can define any arbitrary app name as ESP does not use the app name directly.
+Represents a unique name for the app whose progress should be tracked by the ESP. The policy provider can define any arbitrary app name as ESP doesn't use the app name directly.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
@@ -189,21 +203,23 @@ Represents the installation state for the app. The policy providers (not the MDM
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
Value type is integer. Expected values are as follows:
-- 1 — NotInstalled
-- 2 — InProgress
-- 3 — Completed
-- 4 — Error
+
+- 1—NotInstalled
+- 2—InProgress
+- 3—Completed
+- 4—Error
**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/RebootRequired**
Optional. This node is supported in both user context and device context.
-Indicates if the app installation requires ESP to issue a reboot. The policy providers installing the app (not the MDM server) must set this node. If the policy providers do not set this node, the ESP will not reboot the device for the app installation.
+Indicates if the app installation requires ESP to issue a reboot. The policy providers installing the app (not the MDM server) must set this node. If the policy providers don't set this node, the ESP won't reboot the device for the app installation.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
Value type is integer. Expected values are as follows:
-- 1 — NotRequired
-- 2 — SoftReboot
-- 3 — HardReboot
+
+- 1—NotRequired
+- 2—SoftReboot
+- 3—HardReboot
**EnrollmentStatusTracking/Setup/HasProvisioningCompleted**
Required. This node is supported in both user context and device context.
@@ -212,5 +228,10 @@ ESP sets this node when it completes. Providers can query this node to determine
Scope is permanent. Supported operation is Get.
Value type is boolean. Expected values are as follows:
-- true — Indicates that ESP has completed. This is the default.
-- false — Indicates that ESP is displayed, and provisioning is still going.
\ No newline at end of file
+
+- true—Indicates that ESP has completed. This is the default.
+- false—Indicates that ESP is displayed, and provisioning is still going.
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md
index d5a45549a2..c64c2d9ba3 100644
--- a/windows/client-management/mdm/enterprise-app-management.md
+++ b/windows/client-management/mdm/enterprise-app-management.md
@@ -1,7 +1,6 @@
---
title: Enterprise app management
description: This article covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows.
-ms.assetid: 225DEE61-C3E3-4F75-BC79-5068759DFE99
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md
index 8893e068c9..1e49e6f694 100644
--- a/windows/client-management/mdm/enterpriseapn-csp.md
+++ b/windows/client-management/mdm/enterpriseapn-csp.md
@@ -1,7 +1,6 @@
---
title: EnterpriseAPN CSP
description: The EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet.
-ms.assetid: E125F6A5-EE44-41B1-A8CC-DF295082E6B2
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,10 +13,18 @@ ms.date: 09/22/2017
# EnterpriseAPN CSP
-The EnterpriseAPN configuration service provider (CSP) is used by the enterprise to provision an APN for the Internet.
+The table below shows the applicability of Windows:
-> [!Note]
-> Starting in Windows 10, version 1703 the EnterpriseAPN CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions.
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+The EnterpriseAPN configuration service provider (CSP) is used by the enterprise to provision an APN for the Internet.
The following example shows the EnterpriseAPN configuration service provider in tree format.
```
@@ -39,111 +46,112 @@ EnterpriseAPN
--------HideView
```
**EnterpriseAPN**
-
The root node for the EnterpriseAPN configuration service provider.
+The root node for the EnterpriseAPN configuration service provider.
**EnterpriseAPN/***ConnectionName*
-
Name of the connection as seen by Windows Connection Manager.
+Name of the connection as seen by Windows Connection Manager.
-
Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/APNName**
-
Enterprise APN name.
+Enterprise APN name.
-
Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/IPType**
-
This value can be one of the following values:
+This value can be one of the following:
-- IPv4 - only IPV4 connection type
-- IPv6 - only IPv6 connection type
-- IPv4v6 (default)- IPv4 and IPv6 concurrently.
-- IPv4v6xlat - IPv6 with IPv4 provided by 46xlat
+- IPv4 - only IPV4 connection type.
+- IPv6 - only IPv6 connection type.
+- IPv4v6 (default)- IPv4 and IPv6 concurrently.
+- IPv4v6xlat - IPv6 with IPv4 provided by 46xlat.
-
Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/IsAttachAPN**
-
Boolean value that indicates whether this APN should be requested as part of an LTE Attach. Default value is false.
+Boolean value that indicates whether this APN should be requested as part of an LTE Attach.
-
Supported operations are Add, Get, Delete, and Replace.
+Default value is false.
+
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/ClassId**
-
GUID that defines the APN class to the modem. This GUID is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting isn't present. It's only required when IsAttachAPN is true and the attach APN isn't only used as the Internet APN.
+GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting isn't present. It's only required when IsAttachAPN is true and the attach APN isn't only used as the Internet APN.
-
Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/AuthType**
-
Authentication type. This value can be one of the following values:
+Authentication type. This value can be one of the following:
-- None (default)
-- Auto
-- PAP
-- CHAP
-- MSCHAPv2
+- None (default)
+- Auto
+- PAP
+- CHAP
+- MSCHAPv2
-
Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/UserName**
-
User name for use with PAP, CHAP, or MSCHAPv2 authentication.
+User name for use with PAP, CHAP, or MSCHAPv2 authentication.
-
Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/Password**
-
Password corresponding to the username.
+Password corresponding to the username.
-
Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/IccId**
-
Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node isn't present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data.
+Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node isn't present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data.
-
Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/AlwaysOn**
-
Added in Windows 10, version 1607. Boolean value that specifies whether the CM will automatically attempt to connect to the APN when a connection is available.
+Added in Windows 10, version 1607. Boolean value that specifies whether the CM will automatically attempt to connect to the APN when a connection is available.
-
The default value is true.
+The default value is true.
-
Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/Enabled**
-
Added in Windows 10, version 1607. Boolean that specifies whether the connection is enabled.
+Added in Windows 10, version 1607. Boolean that specifies whether the connection is enabled.
-
The default value is true.
+The default value is true.
-
Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/Roaming**
-
Added in Windows 10, version 1703. Specifies whether the connection should be activated when the device is roaming. Valid values:
+Added in Windows 10, version 1703. Specifies whether the connection should be activated when the device is roaming. Valid values are:
-
Value type is string. Supported operations are Add, Get, Delete, and Replace.
+Value type is string.
+Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/Settings**
-
Added in Windows 10, version 1607. Node that contains global settings.
+Added in Windows 10, version 1607. Node that contains global settings.
**EnterpriseAPN/Settings/AllowUserControl**
-
Added in Windows 10, version 1607. Boolean value that specifies whether the cellular UX will allow users to connect with other APNs other than the Enterprise APN.
+Added in Windows 10, version 1607. Boolean value that specifies whether the cellular UX will allow users to connect with other APNs other than the Enterprise APN.
-
The default value is false.
+The default value is false.
-
Supported operations are Get and Replace.
+Supported operations are Get and Replace.
**EnterpriseAPN/Settings/HideView**
-
Added in Windows 10, version 1607. Boolean that specifies whether the cellular UX will allow the user to view enterprise APNs. Only applicable if AllowUserControl is true.
+Added in Windows 10, version 1607. Boolean that specifies whether the cellular UX will allow the user to view enterprise APNs. Only applicable if AllowUserControl is true.
-
The default value is false.
+The default value is false.
-
Supported operations are Get and Replace.
+Supported operations are Get and Replace.
## Examples
@@ -290,15 +298,4 @@ atomicZ
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md
index 60e6f5ba4a..2e81ae80fd 100644
--- a/windows/client-management/mdm/enterpriseapn-ddf.md
+++ b/windows/client-management/mdm/enterpriseapn-ddf.md
@@ -1,7 +1,6 @@
---
title: EnterpriseAPN DDF
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAPN configuration service provider (CSP).
-ms.assetid: A953ADEF-4523-425F-926C-48DA62EB9E21
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# EnterpriseAPN DDF
-
This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAPN** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md
deleted file mode 100644
index b59fc137e1..0000000000
--- a/windows/client-management/mdm/enterpriseappmanagement-csp.md
+++ /dev/null
@@ -1,534 +0,0 @@
----
-title: EnterpriseAppManagement CSP
-description: Handle enterprise application management tasks using EnterpriseAppManagement configuration service provider (CSP).
-ms.assetid: 698b8bf4-652e-474b-97e4-381031357623
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: dansimp
-ms.date: 06/26/2017
----
-
-# EnterpriseAppManagement CSP
-
-
-The EnterpriseAppManagement enterprise configuration service provider is used to handle enterprise application management tasks such as installing an enterprise application token, the first auto-downloadable app link, querying installed enterprise applications (name and version), auto updating already installed enterprise applications, and removing all installed enterprise apps (including the enterprise app token) during unenrollment.
-
-> [!NOTE]
-> The EnterpriseAppManagement CSP is only supported in Windows 10 IoT Core.
-
-
-The following example shows the EnterpriseAppManagement configuration service provider in tree format.
-
-```console
-./Vendor/MSFT
-EnterpriseAppManagement
-----EnterpriseID
---------EnrollmentToken
---------StoreProductID
---------StoreUri
---------CertificateSearchCriteria
---------Status
---------CRLCheck
---------EnterpriseApps
-------------Inventory
-----------------ProductID
---------------------Version
---------------------Title
---------------------Publisher
---------------------InstallDate
-------------Download
-----------------ProductID
---------------------Version
---------------------Name
---------------------URL
---------------------Status
---------------------LastError
---------------------LastErrorDesc
---------------------DownloadInstall
-```
-
-***EnterpriseID***
-Optional. A dynamic node that represents the EnterpriseID as a GUID. It's used to enroll or unenroll enterprise applications.
-
-Supported operations are Add, Delete, and Get.
-
-***EnterpriseID*/EnrollmentToken**
-Required. Used to install or update the binary representation of the application enrollment token (AET) and initiate "phone home" token validation. Scope is dynamic.
-
-Supported operations are Get, Add, and Replace.
-
-***EnterpriseID*/StoreProductID**
-Required. The node to host the ProductId node. Scope is dynamic.
-
-Supported operation is Get.
-
-**/StoreProductID/ProductId**
-The character string that contains the ID of the first enterprise application (usually a Company Hub app), which is automatically installed on the device. Scope is dynamic.
-
-Supported operations are Get and Add.
-
-***EnterpriseID*/StoreUri**
-Optional. The character string that contains the URI of the first enterprise application to be installed on the device. The enrollment client downloads and installs the application from this URI. Scope is dynamic.
-
-Supported operations are Get and Add.
-
-***EnterpriseID*/CertificateSearchCriteria**
-Optional. The character string that contains the search criteria to search for the DM-enrolled client certificate. The certificate is used for client authentication during enterprise application download. The company's application content server should use the enterprise-enrolled client certificate to authenticate the device. The value must be a URL encoded representation of the X.500 distinguished name of the client certificates Subject property. The X.500 name must conform to the format required by the [CertStrToName](/windows/win32/api/wincrypt/nf-wincrypt-certstrtonamea) function. This search parameter is case sensitive. Scope is dynamic.
-
-Supported operations are Get and Add.
-
-> [!NOTE]
-> Do NOT use Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00. The server must replace this value in the supplied client certificate. If your server returns a client certificate containing the same Subject value, this can cause unexpected behavior. The server should always override the subject value and not use the default device-provided Device ID Subject= Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00
-
-
-
-***EnterpriseID*/Status**
-Required. The integer value that indicates the current status of the application enrollment. Valid values are 0 (ENABLED), 1 (INSTALL\_DISABLED), 2 (REVOKED), and 3 (INVALID). Scope is dynamic.
-
-Supported operation is Get.
-
-***EnterpriseID*/CRLCheck**
-Optional. Character value that specifies whether the device should do a CRL check when using a certificate to authenticate the server. Valid values are "1" (CRL check required), "0" (CRL check not required). Scope is dynamic.
-
-Supported operations are Get, Add, and Replace.
-
-***EnterpriseID*/EnterpriseApps**
-Required. The root node to for individual enterprise application related settings. Scope is dynamic (this node is automatically created when EnterpriseID is added to the configuration service provider).
-
-Supported operation is Get.
-
-**/EnterpriseApps/Inventory**
-Required. The root node for individual enterprise application inventory settings. Scope is dynamic (this node is automatically created when EnterpriseID is added to the configuration service provider).
-
-Supported operation is Get.
-
-**/Inventory/***ProductID*
-Optional. A node that contains s single enterprise application product ID in GUID format. Scope is dynamic.
-
-Supported operation is Get.
-
-**/Inventory/*ProductID*/Version**
-Required. The character string that contains the current version of the installed enterprise application. Scope is dynamic.
-
-Supported operation is Get.
-
-**/Inventory/*ProductID*/Title**
-Required. The character string that contains the name of the installed enterprise application. Scope is dynamic.
-
-Supported operation is Get.
-
-**/Inventory/*ProductID*/Publisher**
-Required. The character string that contains the name of the publisher of the installed enterprise application. Scope is dynamic.
-
-Supported operation is Get.
-
-**/Inventory/*ProductID*/InstallDate**
-Required. The time (in the character format YYYY-MM-DD-HH:MM:SS) that the application was installed or updated. Scope is dynamic.
-
-Supported operation is Get.
-
-**/EnterpriseApps/Download**
-Required. This node groups application download-related parameters. The enterprise server can only automatically update currently installed enterprise applications. The end user controls which enterprise applications to download and install. Scope is dynamic.
-
-Supported operation is Get.
-
-**/Download/***ProductID*
-Optional. This node contains the GUID for the installed enterprise application. Each installed application has a unique ID. Scope is dynamic.
-
-Supported operations are Get, Add, and Replace.
-
-**/Download/*ProductID*/Version**
-Optional. The character string that contains version information (set by the caller) for the application currently being downloaded. Scope is dynamic.
-
-Supported operations are Get, Add, and Replace.
-
-**/Download/*ProductID*/Name**
-Required. The character string that contains the name of the installed application. Scope is dynamic.
-
-Supported operation is Get.
-
-**/Download/*ProductID*/URL**
-Optional. The character string that contains the URL for the updated version of the installed application. The device will download application updates from this link. Scope is dynamic.
-
-Supported operations are Get, Add, and Replace.
-
-**/Download/*ProductID*/Status**
-Required. The integer value that indicates the status of the current download process. The following table shows the possible values.
-
-|Value|Description|
-|--- |--- |
-|0: CONFIRM|Waiting for confirmation from user.|
-|1: QUEUED|Waiting for download to start.|
-|2: DOWNLOADING|In the process of downloading.|
-|3: DOWNLOADED|Waiting for installation to start.|
-|4: INSTALLING|Handed off for installation.|
-|5: INSTALLED|Successfully installed|
-|6: FAILED|Application was rejected (not signed properly, bad XAP format, not enrolled properly, etc.)|
-|7:DOWNLOAD_FAILED|Unable to connect to server, file doesn't exist, etc.|
-
-Scope is dynamic. Supported operations are Get, Add, and Replace.
-
-**/Download/*ProductID*/LastError**
-Required. The integer value that indicates the HRESULT of the last error code. If there are no errors, the value is 0 (S\_OK). Scope is dynamic.
-
-Supported operation is Get.
-
-**/Download/*ProductID*/LastErrorDesc**
-Required. The character string that contains the human readable description of the last error code.
-
-**/Download/*ProductID*/DownloadInstall**
-Required. The node to allow the server to trigger the download and installation for an updated version of the user installed application. The format for this node is null. The server must query the device later to determine the status. For each product ID, the status field is retained for up to one week. Scope is dynamic.
-
-Supported operation is Exec.
-
-## Remarks
-
-
-### Install and Update Line of Business (LOB) applications
-
-A workplace can automatically install and update Line of Business applications during a management session. Line of Business applications support various file types including XAP (8.0 and 8.1), AppX, and AppXBundles. A workplace can also update applications from XAP file formats to Appx and AppxBundle formats through the same channel. For more information, see the Examples section.
-
-### Uninstall Line of Business (LOB) applications
-
-A workplace can also remotely uninstall Line of Business applications on the device. It's not possible to use this mechanism to uninstall Store applications on the device or Line of Business applications that aren't installed by the enrolled workplace (for side-loaded application scenarios). For more information, see the Examples section.
-
-### Query installed Store application
-
-You can determine if a Store application is installed on a system. First, you need the Store application GUID. You can get the Store application GUID by going to the URL for the Store application.
-
-The Microsoft Store application has a GUID of d5dc1ebb-a7f1-df11-9264-00237de2db9e.
-
-Use the following SyncML format to query to see if the application is installed on a managed device:
-
-```xml
-
- 1
-
-
- ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7B D5DC1EBB-A7F1-DF11-9264-00237DE2DB9E%7D
-
-
-
-```
-
-Response from the device (it contains list of subnodes if this app is installed in the device).
-
-```xml
-
- 3
- 1
- 2
-
-
-
- ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7B D5DC1EBB-A7F1-DF11-9264-00237DE2DB9E%7D
-
-
- node
-
-
-Version/Title/Publisher/InstallDate
-
-
-```
-
-### Node Values
-
-All node values under the ProviderID interior node represent the policy values that the management server wants to set.
-
-- An Add or Replace command on those nodes returns success in both of the following cases:
-
- - The value is applied to the device.
-
- - The value isn’t applied to the device because the device has a more secure value set already.
-
-From a security perspective, the device complies with the policy request that is at least as secure as the one requested.
-
-- A Get command on those nodes returns the value that the server pushes down to the device.
-
-- If a Replace command fails, the node value is set to be the previous value before Replace command was applied.
-
-- If an Add command fails, the node isn't created.
-
-The value applied to the device can be queried via the nodes under the DeviceValue interior node.
-
-## OMA DM examples
-
-
-Enroll enterprise ID “4000000001” for the first time:
-
-```xml
-
- 2
-
-
- ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnrollmentToken
-
-
- chr
-
- InsertTokenHere
-
-
-
- ./Vendor/MSFT/EnterpriseAppManagement/4000000001/CertificateSearchCriteria
-
-
-
- chr
-
- SearchCriteriaInsertedHere
-
-
-```
-
-Update the enrollment token (for example, to update an expired application enrollment token):
-
-```xml
-
- 2
-
-
- ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnrollmentToken
-
-
- chr
-
- InsertUpdaedTokenHere
-
-
-```
-
-Query all installed applications that belong to enterprise ID “4000000001”:
-
-```xml
-
- 2
-
-
-
- ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory?list=StructData
-
-
-
-
-```
-
-Response from the device (that contains two installed applications):
-
-```xml
-
- 3
- 1
- 2
-
-
-
- ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory
-
-
-
- node
-
-
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D
-
-
-
- node
-
-
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D
-
-
-
- node
-
-
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Version
-
-
- 1.0.0.0
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Title
-
-
- Sample1
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Publisher
-
-
- ExamplePublisher
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/InstallDate
-
-
- 2012-10-30T21:09:52Z
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Version
-
-
- 1.0.0.0
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Title
-
-
- Sample2
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Publisher
-
-
- Contoso
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/InstallDate
-
-
- 2012-10-31T21:23:31Z
-
-
-```
-
-## Install and update an enterprise application
-
-
-Install or update the installed app with the product ID “{B316008A-141D-4A79-810F-8B764C4CFDFB}”.
-
-To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application doesn't exist, the application will be silently installed without any user interaction. If the application can't be installed, the user will be notified with an Alert dialog.
-
-> [!NOTE]
-> - If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation).
->
-> - The application product ID curly braces need to be escaped where { is %7B and } is %7D.
-
-
-
-```xml
-
- 2
-
-
- 3
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/Name
-
-
-
- chr
-
- ContosoApp1
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/URL
-
-
-
- chr
-
- http://contoso.com/enterpriseapps/ContosoApp1.xap
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/Version
-
-
- chr
-
- 2.0.0.0
-
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/DownloadInstall
-
-
- 1
-
-
-
- 4
-
-
-
-./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/DownloadInstall
-
-
-
- int
-
- 0
-
-
-
-```
-
-## Uninstall enterprise application
-
-
-Uninstall an installed enterprise application with product ID “{7BB316008A-141D-4A79-810F-8B764C4CFDFB }”:
-
-```xml
-
-
-
- 2
-
-
- ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D
-
-
-
-
-
-
-```
-
-## Related topics
-
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
index 5833aa9062..b2a5361647 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
@@ -1,6 +1,6 @@
---
title: EnterpriseAppVManagement CSP
-description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 PCs.(Enterprise and Education editions).
+description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 or Windows 11 PCs. (Enterprise and Education editions).
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -13,7 +13,18 @@ manager: dansimp
# EnterpriseAppVManagement CSP
-The EnterpriseAppVManagement configuration service provider (CSP) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions). This CSP was added in Windows 10, version 1703.
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Windows SE|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+The EnterpriseAppVManagement configuration service provider (CSP) is used to manage virtual applications in Windows 10 or Windows 11 PCs (Enterprise and Education editions). This CSP was added in Windows 10, version 1703.
The following shows the EnterpriseAppVManagement configuration service provider in tree format.
```
@@ -45,68 +56,98 @@ EnterpriseAppVManagement
------------Policy
```
**./Vendor/MSFT/EnterpriseAppVManagement**
-
Root node for the EnterpriseAppVManagement configuration service provider.
+Root node for the EnterpriseAppVManagement configuration service provider.
**AppVPackageManagement**
-
Used to query App-V package information (post-publish).
+Used to query App-V package information (post-publish).
**AppVPackageManagement/EnterpriseID**
-
Used to query package information. Value is always "HostedInstall".
+Used to query package information. Value is always "HostedInstall".
**AppVPackageManagement/EnterpriseID/PackageFamilyName**
-
Package ID of the published App-V package.
+Package ID of the published App-V package.
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName***
-
Version ID of the published App-V package.
+Version ID of the published App-V package.
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Name**
-
Name specified in the published AppV package.
-
Value type is string. Supported operation is Get.
+Name specified in the published AppV package.
+
+Value type is string.
+
+Supported operation is Get.
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Version**
-
Version specified in the published AppV package.
-
Value type is string. Supported operation is Get.
+Version specified in the published AppV package.
+
+Value type is string.
+
+Supported operation is Get.
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Publisher**
-
Publisher as specified in the published asset information of the AppV package.
-
Value type is string. Supported operation is Get.
+Publisher as specified in the published asset information of the AppV package.
+
+Value type is string.
+
+Supported operation is Get.
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallLocation**
-
Local package path specified in the published asset information of the AppV package.
-
Value type is string. Supported operation is Get.
+Local package path specified in the published asset information of the AppV package.
+
+Value type is string.
+
+Supported operation is Get.
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallDate**
-
Date the app was installed, as specified in the published asset information of the AppV package.
-
Value type is string. Supported operation is Get.
+Date the app was installed, as specified in the published asset information of the AppV package.
+
+Value type is string.
+
+Supported operation is Get.
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Users**
-
Registered users for app, as specified in the published asset information of the AppV package.
-
Value type is string. Supported operation is Get.
+Registered users for app, as specified in the published asset information of the AppV package.
+
+Value type is string.
+
+Supported operation is Get.
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageId**
-
Package ID of the published App-V package.
-
Value type is string. Supported operation is Get.
+ Package ID of the published App-V package.
+
+Value type is string.
+
+Supported operation is Get.
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVVersionId**
-
Version ID of the published App-V package.
-
Value type is string. Supported operation is Get.
+Version ID of the published App-V package.
+
+Value type is string.
+
+Supported operation is Get.
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageUri**
-
Package URI of the published App-V package.
-
Value type is string. Supported operation is Get.
+Package URI of the published App-V package.
+
+Value type is string.
+
+Supported operation is Get.
**AppVPublishing**
-
Used to monitor publishing operations on App-V.
+Used to monitor publishing operations on App-V.
**AppVPublishing/LastSync**
-
Used to monitor publishing status of last sync operation.
+Used to monitor publishing status of last sync operation.
**AppVPublishing/LastSync/LastError**
-
Error code and error description of last sync operation.
-
Value type is string. Supported operation is Get.
+Error code and error description of last sync operation.
+
+Value type is string.
+
+Supported operation is Get.
**AppVPublishing/LastSync/LastErrorDescription**
-
Last sync error status. One of the following values may be returned:
+Last sync error status. One of the following values may be returned:
- SYNC\_ERR_NONE (0) - No errors during publish.
- SYNC\_ERR\_UNPUBLISH_GROUPS (1) - Unpublish groups failed during publish.
@@ -116,10 +157,12 @@ EnterpriseAppVManagement
- SYNC\_ERR\_NEW_POLICY_WRITE (5) - New policy write failed during publish.
- SYNC\_ERR\_MULTIPLE\_DURING_PUBLISH (6) - Multiple non-fatal errors occurred during publish.
-
Value type is string. Supported operation is Get.
+Value type is string.
+
+Supported operation is Get.
**AppVPublishing/LastSync/SyncStatusDescription**
-
Latest sync in-progress stage. One of the following values may be returned:
+Latest sync in-progress stage. One of the following values may be returned:
- SYNC\_PROGRESS_IDLE (0) - App-V publishing is idle.
- SYNC\_PROGRESS\_UNPUBLISH_GROUPS (1) - App-V connection groups publish in progress.
@@ -127,9 +170,12 @@ EnterpriseAppVManagement
- SYNC\_PROGRESS\_PUBLISH\_GROUP_PACKAGES (3) - App-V packages (connection group) publish in progress.
- SYN\C_PROGRESS_UNPUBLISH_PACKAGES (4) - App-V packages unpublish in progress.
-
Value type is string. Supported operation is Get.
+Value type is string.
-AppVPublishing/LastSync/SyncProgress
Latest sync state. One of the following values may be returned:
+Supported operation is Get.
+
+**AppVPublishing/LastSync/SyncProgress**
+Latest sync state. One of the following values may be returned:
- SYNC\_STATUS_IDLE (0) - App-V Sync is idle.
- SYNC\_STATUS\_PUBLISH_STARTED (1) - App-V Sync is initializing.
@@ -137,22 +183,30 @@ EnterpriseAppVManagement
- SYNC\_STATUS\_PUBLISH\_COMPLETED (3) - App-V Sync is complete.
- SYNC\_STATUS\_PUBLISH\_REBOOT_REQUIRED (4) - App-V Sync requires device reboot.
-
Value type is string. Supported operation is Get.
+Value type is string.
+
+Supported operation is Get.
**AppVPublishing/Sync**
-
Used to perform App-V synchronization.
+Used to perform App-V synchronization.
**AppVPublishing/Sync/PublishXML**
-
Supported operations are Get, Delete, and Execute.
-
+Used to execute the App-V synchronization using the Publishing protocol. For more information about the protocol,, see [[MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol](/openspecs/windows_protocols/ms-vapr/a05e030d-4fb9-4c8d-984b-971253b62be8).
+Supported operations are Get, Delete, and Execute.
**AppVDynamicPolicy**
-
Used to set App-V Policy Configuration documents for publishing packages.
+Used to set App-V Policy Configuration documents for publishing packages.
**AppVDynamicPolicy/*ConfigurationId***
-
ID for App-V Policy Configuration document for publishing packages (referenced in the Publishing protocol document).
+ID for App-V Policy Configuration document for publishing packages (referenced in the Publishing protocol document).
**AppVDynamicPolicy/*ConfigurationId*/Policy**
-
XML for App-V Policy Configuration documents for publishing packages.
-
Value type is xml. Supported operations are Add, Get, Delete, and Replace.
\ No newline at end of file
+XML for App-V Policy Configuration documents for publishing packages.
+
+Value type is xml.
+
+Supported operations are Add, Get, Delete, and Replace.
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md
index d8ec6f71d5..2c237eb14f 100644
--- a/windows/client-management/mdm/enterprisedataprotection-csp.md
+++ b/windows/client-management/mdm/enterprisedataprotection-csp.md
@@ -1,6 +1,6 @@
---
title: EnterpriseDataProtection CSP
-description: The EnterpriseDataProtection configuration service provider (CSP) configures Windows Information Protection (formerly, Enterprise Data Protection) settings.
+description: Learn how the EnterpriseDataProtection configuration service provider (CSP) configures Windows Information Protection (formerly, Enterprise Data Protection) settings.
ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3
ms.reviewer:
manager: dansimp
@@ -14,20 +14,28 @@ ms.date: 08/09/2017
# EnterpriseDataProtection CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The EnterpriseDataProtection configuration service provider (CSP) is used to configure settings for Windows Information Protection (WIP), formerly known as Enterprise Data Protection. For more information about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip).
-> [!Note]
-> To make WIP functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md).
-> - This CSP was added in Windows 10, version 1607.
+> [!NOTE]
+> To make Windows Information Protection functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md).
-
+While Windows Information Protection has no hard dependency on VPN, for best results you should configure VPN profiles first before you configure the WIP policies. For VPN best practice recommendations, see [VPNv2 CSP](vpnv2-csp.md).
-While WIP has no hard dependency on VPN, for best results you should configure VPN profiles first before you configure the WIP policies. For VPN best practice recommendations, see [VPNv2 CSP](vpnv2-csp.md).
+To learn more about Windows Information Protection, see the following articles:
-To learn more about WIP, see the following articles:
-
-- [Create a Windows Information Protection (WIP) policy](/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
-- [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip)
+- [Create a Windows Information Protection (WIP) policy](/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
+- [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip)
The following example shows the EnterpriseDataProtection CSP in tree format.
@@ -53,31 +61,33 @@ The root node for the CSP.
The root node for the Windows Information Protection (WIP) configuration settings.
**Settings/EDPEnforcementLevel**
-Set the WIP enforcement level. Setting this value isn't sufficient to enable WIP on the device. Attempts to change this value will fail when the WIP cleanup is running.
+Set the WIP enforcement level.
+
+> [!NOTE]
+> Setting this value isn't sufficient to enable Windows Information Protection on the device. Attempts to change this value will fail when the WIP cleanup is running.
The following list shows the supported values:
-- 0 (default) – Off / No protection (decrypts previously protected data).
-- 1 – Silent mode (encrypt and audit only).
-- 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
-- 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).
+- 0 (default) – Off / No protection (decrypts previously protected data).
+- 1 – Silent mode (encrypt and audit only).
+- 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
+- 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
**Settings/EnterpriseProtectedDomainNames**
-A list of domains used by the enterprise for its user identities separated by pipes ("|").The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for WIP. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.
+A list of domains used by the enterprise for its user identities separated by pipes ("|"). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for Windows Information Protection. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.
Changing the primary enterprise ID isn't supported and may cause unexpected behavior on the client.
-> [!Note]
+> [!NOTE]
> The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
-
Here are the steps to create canonical domain names:
-1. Transform the ASCII characters (A-Z only) to lowercase. For example, Microsoft.COM -> microsoft.com.
-2. Call [IdnToAscii](/windows/win32/api/winnls/nf-winnls-idntoascii) with IDN\_USE\_STD3\_ASCII\_RULES as the flags.
-3. Call [IdnToUnicode](/windows/win32/api/winnls/nf-winnls-idntounicode) with no flags set (dwFlags = 0).
+1. Transform the ASCII characters (A-Z only) to lowercase. For example, Microsoft.COM -> microsoft.com.
+2. Call [IdnToAscii](/windows/win32/api/winnls/nf-winnls-idntoascii) with IDN\_USE\_STD3\_ASCII\_RULES as the flags.
+3. Call [IdnToUnicode](/windows/win32/api/winnls/nf-winnls-idntounicode) with no flags set (dwFlags = 0).
Supported operations are Add, Get, Replace, and Delete. Value type is string.
@@ -89,8 +99,8 @@ Allows the user to decrypt files. If this is set to 0 (Not Allowed), then the us
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed.
+- 1 (default) – Allowed.
Most restricted value is 0.
@@ -231,20 +241,20 @@ For EFSCertificate KeyTag, it's expected to be a DER ENCODED binary certificate.
Supported operations are Add, Get, Replace, and Delete. Value type is base-64 encoded certificate.
**Settings/RevokeOnUnenroll**
-This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1.
+This policy controls whether to revoke the Windows Information Protection keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1.
The following list shows the supported values:
-- 0 – Don't revoke keys.
-- 1 (default) – Revoke keys.
+- 0 – Don't revoke keys.
+- 1 (default) – Revoke keys.
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
**Settings/RevokeOnMDMHandoff**
-Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
+Added in Windows 10, version 1703. This policy controls whether to revoke the Windows Information Protection keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
-- 0 - Don't revoke keys
-- 1 (default) - Revoke keys
+- 0 - Don't revoke keys.
+- 1 (default) - Revoke keys.
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
@@ -254,29 +264,29 @@ TemplateID GUID to use for Rights Management Service (RMS) encryption. The RMS t
Supported operations are Add, Get, Replace, and Delete. Value type is string (GUID).
**Settings/AllowAzureRMSForEDP**
-Specifies whether to allow Azure RMS encryption for WIP.
+Specifies whether to allow Azure RMS encryption for Windows Information Protection.
-- 0 (default) – Don't use RMS.
-- 1 – Use RMS.
+- 0 (default) – Don't use RMS.
+- 1 – Use RMS.
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
**Settings/SMBAutoEncryptedFileExtensions**
-Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from a Server Message Block (SMB) share within the corporate boundary as defined in the Policy CSP nodes for NetworkIsolation/EnterpriseIPRange and NetworkIsolation/EnterpriseNetworkDomainNames. Use semicolon (;) delimiter in the list.
+Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from a Server Message Block (SMB) share within the corporate boundary as defined in the Policy CSP nodes for [NetworkIsolation/EnterpriseIPRange](policy-configuration-service-provider.md#networkisolation-enterpriseiprange) and [NetworkIsolation/EnterpriseNetworkDomainNames](policy-configuration-service-provider.md#networkisolation-enterprisenetworkdomainnames). Use semicolon (;) delimiter in the list.
When this policy isn't specified, the existing auto-encryption behavior is applied. When this policy is configured, only files with the extensions in the list will be encrypted.
Supported operations are Add, Get, Replace and Delete. Value type is string.
**Settings/EDPShowIcons**
-Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app.
+Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the Windows Information Protection icon in the title bar of a WIP-protected app.
The following list shows the supported values:
-- 0 (default) - No WIP overlays on icons or tiles.
-- 1 - Show WIP overlays on protected files and apps that can only create enterprise content.
+- 0 (default) - No WIP overlays on icons or tiles.
+- 1 - Show WIP overlays on protected files and apps that can only create enterprise content.
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
**Status**
-A read-only bit mask that indicates the current state of WIP on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured.
+A read-only bit mask that indicates the current state of Windows Information Protection on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured.
Suggested values:
@@ -284,25 +294,26 @@ Suggested values:
|--- |--- |--- |--- |--- |
|4|3|2|1|0|
-
-
Bit 0 indicates whether WIP is on or off.
Bit 1 indicates whether AppLocker WIP policies are set.
-Bit 3 indicates whether the mandatory WIP policies are configured. If one or more of the mandatory WIP policies aren't configured, the bit 3 is set to 0 (zero).
+Bit 3 indicates whether the mandatory Windows Information Protection policies are configured. If one or more of the mandatory WIP policies aren't configured, the bit 3 is set to 0 (zero).
-Here's the list of mandatory WIP policies:
+Here's the list of mandatory WIP policies:
-- EDPEnforcementLevel in EnterpriseDataProtection CSP
-- DataRecoveryCertificate in EnterpriseDataProtection CSP
-- EnterpriseProtectedDomainNames in EnterpriseDataProtection CSP
-- NetworkIsolation/EnterpriseIPRange in Policy CSP
-- NetworkIsolation/EnterpriseNetworkDomainNames in Policy CSP
+- EDPEnforcementLevel in EnterpriseDataProtection CSP
+- DataRecoveryCertificate in EnterpriseDataProtection CSP
+- EnterpriseProtectedDomainNames in EnterpriseDataProtection CSP
+- NetworkIsolation/EnterpriseIPRange in Policy CSP
+- NetworkIsolation/EnterpriseNetworkDomainNames in Policy CSP
Bits 2 and 4 are reserved for future use.
Supported operation is Get. Value type is integer.
-
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
+
diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
index 1b0ee74568..68e337c333 100644
--- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
@@ -1,7 +1,6 @@
---
title: EnterpriseDataProtection DDF file
description: The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider.
-ms.assetid: C6427C52-76F9-4EE0-98F9-DE278529D459
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
index 13aead751f..4b5ab02de2 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
@@ -1,6 +1,6 @@
---
title: EnterpriseDesktopAppManagement CSP
-description: The EnterpriseDesktopAppManagement CSP handles enterprise desktop application management tasks, such as installing or removing applications.
+description: Learn how the EnterpriseDesktopAppManagement CSP handles enterprise desktop application management tasks, such as installing or removing applications.
ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5
ms.reviewer:
manager: dansimp
@@ -14,6 +14,16 @@ ms.date: 07/11/2017
# EnterpriseDesktopAppManagement CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications.
@@ -96,8 +106,6 @@ Status of the application. Value type is string. Supported operation is Get.
| Enforcement Failed | 60 |
| Enforcement Completed | 70 |
-
-
**MSI/*ProductID*/LastError**
The last error code during the application installation process. This error code is typically stored as an HRESULT format. Depending on what was occurring when the error happened, this error could be the result of executing MSIExec.exe or the error result from an API that failed.
@@ -116,10 +124,8 @@ Added in the March service release of Windows 10, version 1607. A gateway (or de
Value type is string. Supported operation is Get.
-
## Examples
-
**SyncML to request CSP version information**
```xml
@@ -146,9 +152,7 @@ The following table describes the fields in the previous sample:
| CmdID | Input value used to reference the request. Responses will include this value that can be used to match request and response. |
| LocURI | Path to Win32 CSP command processor. |
-
-
-**SyncML to perform MSI operations for application uninstall**
+**SyncML to perform MSI operations for application uninstall:**
```xml
@@ -202,8 +206,6 @@ The following table describes the fields in the previous sample:
| CmdID | Input value used to reference the request. Responses will include this value that can be used to match request and response. |
| LocURI | Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting. |
-
-
**SyncML to perform MSI install operations for an application targeted to a specific user on the device. The Add command is required to precede the Exec command.**
```xml
@@ -268,9 +270,7 @@ The following table describes the fields in the previous sample:
> [!Note]
> Information status on the MSI job will be reported using standard OMA-DM notification mechanism. The status reported is represented using standard MSIEXEC return codes as HRESULT as defined in the MSIEXEC topic on Microsoft TechNet at [Msiexec (command-line options)](https://technet.microsoft.com/library/cc759262%28v=ws.10%29.aspx).
-
-
-**SyncML to perform MSI install operations for an application targeted to all users on the device (per-device installation)**
+**SyncML to perform MSI install operations for an application targeted to all users on the device (per-device installation):**
```xml
@@ -339,8 +339,6 @@ The following table MsiInstallJob describes the schema elements.
|RetryCount|The number of times the download and installation operation will be retried before the installation will be marked as failed.|
|RetryInterval|Amount of time, in minutes between retry operations.|
-
-
Here's an example of a common response to a request
```xml
@@ -369,7 +367,6 @@ Here's an example of a common response to a request
## How to determine which installation context to use for an MSI package
-
The following tables show how app targeting and MSI package type (per-user, per machine, or dual mode) are installed in the client.
For Intune standalone environment, the MSI package will determine the MSI execution context.
@@ -379,7 +376,7 @@ For Intune standalone environment, the MSI package will determine the MSI execut
|User|Install the MSI per-user LocURI contains a User prefix, such as ./User|Install the MSI per-device LocURI contains a Device prefix, such as ./Device|Install the MSI per-user LocURI contains a User prefix, such as ./User|
|System|Install the MSI per-user LocURI contains a User prefix, such as ./User|Install the MSI per-device LocURI contains a Device prefix, such as ./Device|Install the MSI per-user LocURI contains a User prefix, such as ./User|
-The following table applies to SCCM hybrid environment.
+The following table applies to Configuration Manager hybrid environment:
|Target|Per-user MSI|Per-machine MSI|Dual mode MSI|
|--- |--- |--- |--- |
@@ -388,22 +385,20 @@ The following table applies to SCCM hybrid environment.
## How to determine the package type from the MSI package
-
-- ALLUSERS="" - per-user package type
-- ALLUSERS=1 - per-machine package type
-- ALLUSERS=2, MSIINSTALLPERUSER=1 - dual mode package type
+- ALLUSERS="" - per-user package type
+- ALLUSERS=1 - per-machine package type
+- ALLUSERS=2, MSIINSTALLPERUSER=1 - dual mode package type
Properties can be specified in the package, passed through the command line, modified by a transform, or (more commonly) selected through a user interface dialog.
Here's a list of references:
-- [Using Windows Installer](/previous-versions/windows/it-pro/windows-server-2003/cc782896(v=ws.10))
-- [Authoring a single package for Per-User or Per-Machine Installation context in Windows 7](https://blogs.msdn.com/b/windows_installer_team/archive/2009/09/02/authoring-a-single-package-for-per-user-or-per-machine-installation-context-in-windows-7.aspx)
-- SyncML Representation Protocol, Draft Version 1.3 - 27 Aug 2009 (OMA-TS-SyncML\_RepPro-V1\_3-20090827-D)
+- [Using Windows Installer](/previous-versions/windows/it-pro/windows-server-2003/cc782896(v=ws.10))
+- [Authoring a single package for Per-User or Per-Machine Installation context in Windows 7](https://blogs.msdn.com/b/windows_installer_team/archive/2009/09/02/authoring-a-single-package-for-per-user-or-per-machine-installation-context-in-windows-7.aspx)
+- SyncML Representation Protocol, Draft Version 1.3 - 27 Aug 2009 (OMA-TS-SyncML\_RepPro-V1\_3-20090827-D)
## Alert example
-
```xml
4
@@ -421,3 +416,6 @@ Here's a list of references:
```
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
index 329d5cb253..0803a2e9ab 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
@@ -1,7 +1,6 @@
---
title: EnterpriseDesktopAppManagement DDF
description: This topic shows the OMA DM device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider.
-ms.assetid: EF448602-65AC-4D59-A0E8-779876542FE3
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 06/26/2017
# EnterpriseDesktopAppManagement DDF
-
This topic shows the OMA DM device description framework (DDF) for the **EnterpriseDesktopAppManagement** configuration service provider.
DDF files are used only with OMA DM provisioning XML.
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
index 097a08b4f8..c570ad096b 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
@@ -1,7 +1,6 @@
---
title: EnterpriseDesktopAppManagement XSD
description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter.
-ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 06/26/2017
# EnterpriseDesktopAppManagement XSD
-
This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter.
```xml
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 709013b0bd..7b616f1543 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -1,7 +1,6 @@
---
title: EnterpriseModernAppManagement CSP
description: Learn how the EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps.
-ms.assetid: 9DD0741A-A229-41A0-A85A-93E185207C42
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,17 @@ ms.date: 11/19/2021
# EnterpriseModernAppManagement CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md).
> [!Note]
@@ -65,6 +75,7 @@ EnterpriseModernAppManagement
----------------AddLicense
----------------GetLicenseFromStore
```
+
**Device or User context**
For user context, use **./User/Vendor/MSFT** path and for device context, use **./Device/Vendor/MSFT** path.
@@ -212,16 +223,19 @@ Added in Windows 10, version 1809. Interior node for the managing updates throug
**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_**
Added in Windows 10, version 1809. Identifier for the app or set of apps. If there's only one app, it's the PackageFamilyName. If it's for a set of apps, it's the PackageFamilyName of the main app.
-
**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ChannelId**
Added in Windows 10, version 1809. Specifies the app channel ID.
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Value type is string.
+
+Supported operations are Add, Get, Replace, and Delete.
**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ReleaseManagementId**
Added in Windows 10, version 1809. The IT admin can specify a release ID to indicate a specific release that they would like the user or device to be on.
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Value type is string.
+
+Supported operations are Add, Get, Replace, and Delete.
**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease**
Added in Windows 10, version 1809. Interior node used to specify the effective app release to use when multiple user policies are set on the device. The device policy or last user policy is used.
@@ -229,12 +243,16 @@ Added in Windows 10, version 1809. Interior node used to specify the effective a
**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease/ChannelId**
Added in Windows 10, version 1809. Returns the last user channel ID on the device.
-Value type is string. Supported operation is Get.
+Value type is string.
+
+Supported operation is Get.
**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease/ReleaseManagementId**
Added in Windows 10, version 1809. Returns the last user release ID on the device.
-Value type is string. Supported operation is Get.
+Value type is string.
+
+Supported operation is Get.
**.../***PackageFamilyName*
Optional. Package family name (PFN) of the app. There's one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
@@ -244,7 +262,6 @@ Supported operations are Get and Delete.
> [!Note]
> XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
-
Here's an example for uninstalling an app:
```xml
@@ -274,22 +291,30 @@ Supported operations are Get and Delete.
**.../*PackageFamilyName*/*PackageFullName*/Name**
-Required. Name of the app. Value type is string.
+Required. Name of the app.
+
+Value type is string.
Supported operation is Get.
**.../*PackageFamilyName*/*PackageFullName*/Version**
-Required. Version of the app. Value type is string.
+Required. Version of the app.
+
+Value type is string.
Supported operation is Get.
**.../*PackageFamilyName*/*PackageFullName*/Publisher**
-Required. Publisher name of the app. Value type is string.
+Required. Publisher name of the app.
+
+Value type is string.
Supported operation is Get.
**.../*PackageFamilyName*/*PackageFullName*/Architecture**
-Required. Architecture of installed package. Value type is string.
+Required. Architecture of installed package.
+
+Value type is string.
> [!Note]
> Not applicable to XAP files.
@@ -297,7 +322,9 @@ Required. Architecture of installed package. Value type is string.
Supported operation is Get.
**.../*PackageFamilyName*/*PackageFullName*/InstallLocation**
-Required. Install location of the app on the device. Value type is string.
+Required. Install location of the app on the device.
+
+Value type is string.
> [!Note]
> Not applicable to XAP files.
@@ -313,12 +340,16 @@ Required. Whether or not the app is a framework package. Value type is int. The
Supported operation is Get.
**.../*PackageFamilyName*/*PackageFullName*/IsBundle**
-Required. The value is 1 if the package is an app bundle and 0 (zero) for all other cases. Value type is int.
+Required. The value is 1 if the package is an app bundle and 0 (zero) for all other cases.
+
+Value type is int.
Supported operation is Get.
**.../*PackageFamilyName*/*PackageFullName*/InstallDate**
-Required. Date the app was installed. Value type is string.
+Required. Date the app was installed.
+
+Value type is string.
Supported operation is Get.
@@ -331,13 +362,15 @@ Required. Resource ID of the app. This value is null for the main app, ~ for a b
Supported operation is Get.
**.../*PackageFamilyName*/*PackageFullName*/PackageStatus**
-Required. Provides information about the status of the package. Value type is int. Valid values are:
+Required. Provides information about the status of the package.
-- OK (0) - The package is usable.
-- LicenseIssue (1) - The license of the package isn't valid.
-- Modified (2) - The package payload was modified by an unknown source.
-- Tampered (4) - The package payload was tampered intentionally.
-- Disabled (8) - The package isn't available for use. It can still be serviced.
+Value type is int. Valid values are:
+
+- OK (0) - The package is usable.
+- LicenseIssue (1) - The license of the package isn't valid.
+- Modified (2) - The package payload was modified by an unknown source.
+- Tampered (4) - The package payload was tampered intentionally.
+- Disabled (8) - The package isn't available for use. It can still be serviced.
> [!Note]
> Not applicable to XAP files.
@@ -355,15 +388,17 @@ Supported operation is Get.
**.../*PackageFamilyName*/*PackageFullName*/Users**
Required. Registered users of the app and the package install state. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string.
-- Not Installed = 0
-- Staged = 1
-- Installed = 2
-- Paused = 6
+- Not Installed = 0
+- Staged = 1
+- Installed = 2
+- Paused = 6
Supported operation is Get.
**.../*PackageFamilyName*/*PackageFullName*/IsProvisioned**
-Required. The value is 0 or 1 that indicates if the app is provisioned on the device. The value type is int.
+Required. The value is 0 or 1 that indicates if the app is provisioned on the device.
+
+The value type is int.
Supported operation is Get.
@@ -371,7 +406,9 @@ Supported operation is Get.
Added in Windows 10, version 2004.
Required. This node is used to identify whether the package is a stub package. A stub package is a version of the package with minimal functionality that will reduce the size of the app.
-The value is 1 if the package is a stub package and 0 (zero) for all other cases. Value type is int.
+The value is 1 if the package is a stub package and 0 (zero) for all other cases.
+
+Value type is int.
Supported operation is Get.
@@ -388,7 +425,9 @@ Added in Windows 10, version 1511. The *SettingValue* and data represent a key v
This setting only works for apps that support the feature and it's only supported in the user context.
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Value type is string.
+
+Supported operations are Add, Get, Replace, and Delete.
The following example sets the value for the 'Server'
@@ -425,7 +464,9 @@ The following example gets all managed app settings for a specific app.
**.../_PackageFamilyName_/MaintainProcessorArchitectureOnUpdate**
Added in Windows 10, version 1803. Specify whether on an AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available.
-Supported operations are Add, Get, Delete, and Replace. Value type is integer.
+Supported operations are Add, Get, Delete, and Replace.
+
+Value type is integer.
Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins).
@@ -443,11 +484,14 @@ This setting allows the IT admin to set an app to be nonremovable, or unable to
NonRemovable requires admin permission. This setting can only be defined per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
-Value type is integer. Supported operations are Add, Get, and Replace.
+Value type is integer.
+
+Supported operations are Add, Get, and Replace.
Valid values:
-- 0 – app isn't in the nonremovable app policy list
-- 1 – app is included in the nonremovable app policy list
+
+- 0 – app isn't in the nonremovable app policy list
+- 1 – app is included in the nonremovable app policy list
**Examples:**
@@ -526,7 +570,6 @@ Supported operations are Get and Add.
> [!Note]
> XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
-
**AppInstallation/*PackageFamilyName*/StoreInstall**
Required. Command to perform an install of an app and a license from the Microsoft Store.
@@ -535,7 +578,8 @@ Supported operation is Execute, Add, Delete, and Get.
**AppInstallation/*PackageFamilyName*/HostedInstall**
Required. Command to perform an install of an app package from a hosted location (this location can be a local drive, a UNC, or https data source).
-The following list shows the supported deployment options:
+The following list shows the supported deployment options:
+
- ForceApplicationShutdown
- DevelopmentMode
- InstallAllResources
@@ -557,8 +601,6 @@ Supported operation is Get.
> [!Note]
> This element isn't present after the app is installed.
-
-
**AppInstallation/*PackageFamilyName*/LastErrorDesc**
Required. Description of last error relating to the app installation.
@@ -567,14 +609,13 @@ Supported operation is Get.
> [!Note]
> This element isn't present after the app is installed.
-
**AppInstallation/*PackageFamilyName*/Status**
Required. Status of app installation. The following values are returned:
-- NOT\_INSTALLED (0) - The node was added, but the execution hasn't completed.
-- INSTALLING (1) - Execution has started, but the deployment hasn't completed. If the deployment completes regardless of success, this value is updated.
-- FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription.
-- INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean-up action hasn't completed, this state may briefly appear.
+- NOT\_INSTALLED (0) - The node was added, but the execution hasn't completed.
+- INSTALLING (1) - Execution has started, but the deployment hasn't completed. If the deployment completes regardless of success, this value is updated.
+- FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription.
+- INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean-up action hasn't completed, this state may briefly appear.
Supported operation is Get.
@@ -590,7 +631,6 @@ Supported operation is Get.
> [!Note]
> This element isn't present after the app is installed.
-
**AppLicenses**
Required node. Used to manage licenses for app scenarios.
@@ -603,23 +643,23 @@ Optional node. License ID for a store installed app. The license ID is generally
Supported operations are Add, Get, and Delete.
**AppLicenses/StoreLicenses/*LicenseID*/LicenseCategory**
-Added in Windows 10, version 1511. Required. Category of license that is used to classify various license sources. Valid value:
+Added in Windows 10, version 1511. Required. Category of license that is used to classify various license sources. Valid values are:
-- Unknown - unknown license category
-- Retail - license sold through retail channels, typically from the Microsoft Store
-- Enterprise - license sold through the enterprise sales channel, typically from the Store for Business
-- OEM - license issued to an OEM
-- Developer - developer license, typically installed during the app development or side-loading scenarios.
+- Unknown - unknown license category
+- Retail - license sold through retail channels, typically from the Microsoft Store
+- Enterprise - license sold through the enterprise sales channel, typically from the Store for Business
+- OEM - license issued to an OEM
+- Developer - developer license, typically installed during the app development or side-loading scenarios.
Supported operation is Get.
**AppLicenses/StoreLicenses/*LicenseID*/LicenseUsage**
-Added in Windows 10, version 1511. Required. Indicates the allowed usage for the license. Valid values:
+Added in Windows 10, version 1511. Required. Indicates the allowed usage for the license. Valid values are:
-- Unknown - usage is unknown
-- Online - the license is only valid for online usage. This license is for applications with concurrence requirements, such as an app used on several computers, but can only be used on one at any given time.
-- Offline - license is valid for use offline. You don't need a connection to the internet to use this license.
-- Enterprise Root -
+- Unknown - usage is unknown.
+- Online - the license is only valid for online usage. This license is for applications with concurrence requirements, such as an app used on several computers, but can only be used on one at any given time.
+- Offline - license is valid for use offline. You don't need a connection to the internet to use this license.
+- Enterprise Root -
Supported operation is Get.
@@ -640,7 +680,6 @@ Supported operation is Execute.
## Examples
-
For examples of how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md).
Query the device for a specific app subcategory, such as nonStore apps.
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index 4ffad48863..9e25733411 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -1,7 +1,6 @@
---
title: EnterpriseModernAppManagement DDF
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider (CSP).
-ms.assetid:
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
index 53de7e899e..dc9995f5ef 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
@@ -1,7 +1,6 @@
---
title: EnterpriseModernAppManagement XSD
description: In this article, view the EnterpriseModernAppManagement XSD example so you can set application parameters.
-ms.assetid: D393D094-25E5-4E66-A60F-B59CC312BF57
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 06/26/2017
# EnterpriseModernAppManagement XSD
-
Here is the XSD for the application parameters.
```xml
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md
index f3e01980bb..30cebf3d9e 100644
--- a/windows/client-management/mdm/esim-enterprise-management.md
+++ b/windows/client-management/mdm/esim-enterprise-management.md
@@ -1,10 +1,7 @@
---
title: eSIM Enterprise Management
description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows.
-keywords: eSIM enterprise management
ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
index aea59b7da0..4a840115e0 100644
--- a/windows/client-management/mdm/euiccs-csp.md
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -13,10 +13,21 @@ manager: dansimp
# eUICCs CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The eUICCs configuration service provider is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, reassign, remove) subscriptions to employees. This CSP was added in windows 10, version 1709.
-The following example shows the eUICCs configuration service provider in tree format.
+The following shows the eUICCs configuration service provider in tree format.
+
```
./Device/Vendor/MSFT
eUICCs
@@ -44,8 +55,9 @@ eUICCs
------------ResetToFactoryState
------------Status
```
+
**./Vendor/MSFT/eUICCs**
-Root node.
+Root node for the eUICCs CSP.
**_eUICC_**
Interior node. Represents information associated with an eUICC. There's one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is meaningful only to the LPA (which associates it with an eUICC ID (EID) in an implementation-specific manner, for example, this association could be an SHA-256 hash of the EID). The node name "Default" represents the currently active eUICC.
@@ -65,12 +77,16 @@ Supported operation is Get. Value type is boolean.
**_eUICC_/PPR1Allowed**
Profile Policy Rule 1 (PPR1) is required. Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), the download of a profile with PPR1 isn't allowed.
-Supported operation is Get. Value type is boolean.
+Supported operation is Get.
+
+Value type is boolean.
**_eUICC_/PPR1AlreadySet**
Required. Indicates whether the eUICC already has a profile with PPR1.
-Supported operation is Get. Value type is boolean.
+Supported operation is Get.
+
+Value type is boolean.
**_eUICC_/DownloadServers**
Interior node. Represents default SM-DP+ discovery requests.
@@ -85,12 +101,16 @@ Supported operations are Add, Get, and Delete.
**_eUICC_/DownloadServers/_ServerName_/DiscoveryState**
Required. Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.
-Supported operation is Get. Value type is integer. Default value is 1.
+Supported operation is Get.
+
+Value type is integer. Default value is 1.
**_eUICC_/DownloadServers/_ServerName_/AutoEnable**
Required. Indicates whether the discovered profile must be enabled automatically after install. This setting must be defined by the MDM when the ServerName subtree is created.
-Supported operations are Add, Get, and Replace. Value type is bool.
+Supported operations are Add, Get, and Replace.
+
+Value type is bool.
**_eUICC_/Profiles**
Interior node. Required. Represents all enterprise-owned profiles.
@@ -105,22 +125,30 @@ Supported operations are Add, Get, and Delete.
**_eUICC_/Profiles/_ICCID_/ServerName**
Required. Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created.
-Supported operations are Add and Get. Value type is string.
+Supported operations are Add and Get.
+
+Value type is string.
**_eUICC_/Profiles/_ICCID_/MatchingID**
Required. Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created.
-Supported operations are Add and Get. Value type is string.
+Supported operations are Add and Get.
+
+Value type is string.
**_eUICC_/Profiles/_ICCID_/State**
Required. Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). Queried by the CSP and only updated by the LPA.
-Supported operation is Get. Value type is integer. Default value is 1.
+Supported operation is Get.
+
+Value type is integer. Default value is 1.
**_eUICC_/Profiles/_ICCID_/IsEnabled**
Added in Windows 10, version 1803. Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created to enable the profile once it’s successfully downloaded and installed on the device. Can also be queried and updated by the CSP.
-Supported operations are Add, Get, and Replace. Value type is bool.
+Supported operations are Add, Get, and Replace.
+
+Value type is bool.
**_eUICC_/Policies**
Interior node. Required. Device policies associated with the eUICC as a whole (not per-profile).
@@ -130,7 +158,9 @@ Supported operation is Get.
**_eUICC_/Policies/LocalUIEnabled**
Required. Determines whether the local user interface of the LUI is available (true if available, false otherwise). Initially populated by the LPA when the eUICC tree is created, can be queried and changed by the MDM server.
-Supported operations are Get and Replace. Value type is boolean. Default value is true.
+Supported operations are Get and Replace.
+
+Value type is boolean. Default value is true.
**_eUICC_/Actions**
Interior node. Required. Actions that can be performed on the eUICC as a whole (when it's active).
@@ -140,9 +170,17 @@ Supported operation is Get.
**_eUICC_/Actions/ResetToFactoryState**
Required. An EXECUTE on this node triggers the LPA to perform an eUICC Memory Reset.
-Supported operation is Execute. Value type is string.
+Supported operation is Execute.
+
+Value type is string.
**_eUICC_/Actions/Status**
Required. Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE indicates operation is in progress, other values represent specific errors.
-Supported value is Get. Value type is integer. Default is 0.
+Supported value is Get.
+
+Value type is integer. Default is 0.
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index 1649e9b5ca..e6d041a4a2 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -1,7 +1,6 @@
---
title: eUICCs DDF file
description: Learn about the OMA DM device description framework (DDF) for the eUICCs configuration service provider (CSP).
-ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 03/02/2018
# eUICCs DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **eUICCs** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md
index 6dc5301d1b..1bbe746b59 100644
--- a/windows/client-management/mdm/federated-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md
@@ -1,7 +1,6 @@
---
title: Federated authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using federated authentication policy.
-ms.assetid: 049ECA6E-1AF5-4CB2-8F1C-A5F22D722DAA
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index a9735120d7..022801745a 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -5,14 +5,25 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: manikadhiman
-ms.date: 11/29/2021
+author: dansimp
ms.reviewer:
manager: dansimp
---
# Firewall configuration service provider (CSP)
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709.
The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709.
@@ -101,141 +112,145 @@ Firewall
----------------Status
----------------Name
```
+
**./Vendor/MSFT/Firewall**
-
Root node for the Firewall configuration service provider.
+Root node for the Firewall configuration service provider.
**MdmStore**
-
Interior node.
-
Supported operation is Get.
+Interior node.
+Supported operation is Get.
**MdmStore/Global**
-
Interior node.
-
Supported operations are Get.
+Interior node.
+Supported operations are Get.
**MdmStore/Global/PolicyVersionSupported**
-
Integer value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value isn't merged and is always a fixed value for a particular firewall and advanced security components software build.
-
Value type in integer. Supported operation is Get.
+Integer value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value isn't merged and is always a fixed value for a particular firewall and advanced security components software build.
+Value type in integer. Supported operation is Get.
**MdmStore/Global/CurrentProfiles**
-
Integer value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it's not merged and has no merge law.
-
Value type in integer. Supported operation is Get.
+Integer value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it's not merged and has no merge law.
+Value type in integer. Supported operation is Get.
**MdmStore/Global/DisableStatefulFtp**
-
Boolean value. If false, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. True means stateful FTP is disabled. The merge law for this option is to let "true" values win.
-
Default value is false.
-
Data type is bool. Supported operations are Add, Get, Replace, and Delete.
+Boolean value. If false, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. True means stateful FTP is disabled. The merge law for this option is to let "true" values win.
+Default value is false.
+
+Data type is bool. Supported operations are Add, Get, Replace, and Delete.
**MdmStore/Global/SaIdleTime**
-
This value configures the security association idle time, in seconds. Security associations are deleted after network traffic isn't seen for this specified period of time. The value is integer and MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value.
-
Default value is 300.
-
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This value configures the security association idle time, in seconds. Security associations are deleted after network traffic isn't seen for this specified period of time. The value is integer and MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value.
+Default value is 300.
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
**MdmStore/Global/PresharedKeyEncoding**
-
Specifies the preshared key encoding that is used. The value is integer and MUST be a valid value from the PRESHARED_KEY_ENCODING_VALUES enumeration. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value.
-
Default value is 1.
-
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Specifies the preshared key encoding that is used. The value is integer and MUST be a valid value from the PRESHARED_KEY_ENCODING_VALUES enumeration. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value.
+Default value is 1.
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
**MdmStore/Global/IPsecExempt**
-
This value configures IPsec exceptions. The value is integer and MUST be a combination of the valid flags that are defined in IPSEC_EXEMPT_VALUES; therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value.
-
Default value is 0.
-
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This value configures IPsec exceptions. The value is integer and MUST be a combination of the valid flags that are defined in IPSEC_EXEMPT_VALUES; therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value.
+Default value is 0.
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
**MdmStore/Global/CRLcheck**
-
This value specifies how certificate revocation list (CRL) verification is enforced. The value is integer and MUST be 0, 1, or 2. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. Valid valued:
-
-
0 disables CRL checking
-
1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) don't cause certificate validation to fail.
-
2 means that checking is required and that certificate validation fails if any error is encountered during CRL processing
-
-
Default value is 0.
-
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This value specifies how certificate revocation list (CRL) verification is enforced. The value is integer and MUST be 0, 1, or 2. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. Valid valued:
+
+- 0 disables CRL checking
+- 1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) don't cause certificate validation to fail.
+- 2 means that checking is required and that certificate validation fails if any error is encountered during CRL processing
+
+Default value is 0.
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
**MdmStore/Global/PolicyVersion**
-
This value contains the policy version of the policy store being managed. This value isn't merged and therefore, has no merge law.
-
Value type is string. Supported operation is Get.
+This value contains the policy version of the policy store being managed. This value isn't merged and therefore, has no merge law.
+Value type is string. Supported operation is Get.
**MdmStore/Global/BinaryVersionSupported**
-
This value contains the binary version of the structures and data types that are supported by the server. This value isn't merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201.
-
Value type is string. Supported operation is Get.
+This value contains the binary version of the structures and data types that are supported by the server. This value isn't merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201.
+Value type is string. Supported operation is Get.
**MdmStore/Global/OpportunisticallyMatchAuthSetPerKM**
-
This value is bool used as an on/off switch. When this option is false (off), keying modules MUST ignore the entire authentication set if they don't support all of the authentication suites specified in the set. When this option is true (on), keying modules MUST ignore only the authentication suites that they don’t support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.
-
Boolean value. Supported operations are Add, Get, Replace, and Delete.
+This value is bool used as an on/off switch. When this option is false (off), keying modules MUST ignore the entire authentication set if they don't support all of the authentication suites specified in the set. When this option is true (on), keying modules MUST ignore only the authentication suites that they don’t support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.
+Boolean value. Supported operations are Add, Get, Replace, and Delete.
**MdmStore/Global/EnablePacketQueue**
-
This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is integer and is a combination of flags. Valid values:
+This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is integer and is a combination of flags. Valid values:
-
-
0x00 indicates that all queuing is to be disabled
-
0x01 specifies that inbound encrypted packets are to be queued
-
0x02 specifies that packets are to be queued after decryption is performed for forwarding
-
+- 0x00 indicates that all queuing is to be disabled
+- 0x01 specifies that inbound encrypted packets are to be queued
+- 0x02 specifies that packets are to be queued after decryption is performed for forwarding
-
Default value is 0.
-
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Default value is 0.
+
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
**MdmStore/DomainProfile**
-
Interior node. Supported operation is Get.
+Interior node. Supported operation is Get.
**MdmStore/PrivateProfile**
-
Interior node. Supported operation is Get.
+Interior node. Supported operation is Get.
**MdmStore/PublicProfile**
-
Interior node. Supported operation is Get.
+Interior node. Supported operation is Get.
**/EnableFirewall**
-
Boolean value for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
-
Default value is true.
-
Value type is bool. Supported operations are Add, Get and Replace.
+Boolean value for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
+Default value is true.
+Value type is bool. Supported operations are Add, Get and Replace.
**/DisableStealthMode**
-
Boolean value. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
-
Default value is false.
-
Value type is bool. Supported operations are Add, Get and Replace.
+Boolean value. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
+Default value is false.
+Value type is bool. Supported operations are Add, Get and Replace.
**/Shielded**
-
Boolean value. If this value is true and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "true" values win.
-
Default value is false.
-
Value type is bool. Supported operations are Get and Replace.
+Boolean value. If this value is true and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "true" values win.
+Default value is false.
+
+Value type is bool. Supported operations are Get and Replace.
**/DisableUnicastResponsesToMulticastBroadcast**
-
Boolean value. If it's true, unicast responses to multicast broadcast traffic are blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
-
Default value is false.
-
Value type is bool. Supported operations are Add, Get and Replace.
+Boolean value. If it's true, unicast responses to multicast broadcast traffic are blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
+Default value is false.
+Value type is bool. Supported operations are Add, Get and Replace.
**/DisableInboundNotifications**
-
Boolean value. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
-
Default value is false.
-
Value type is bool. Supported operations are Add, Get and Replace.
+Boolean value. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
+Default value is false.
+Value type is bool. Supported operations are Add, Get and Replace.
**/AuthAppsAllowUserPrefMerge**
-
Boolean value. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
-
Default value is true.
-
Value type is bool. Supported operations are Add, Get and Replace.
+Boolean value. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
+Default value is true.
+Value type is bool. Supported operations are Add, Get and Replace.
**/GlobalPortsAllowUserPrefMerge**
-
Boolean value. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it's set or enumerated in the Group Policy store or if it's enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
-
Default value is true.
-
Value type is bool. Supported operations are Add, Get and Replace.
+Boolean value. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it's set or enumerated in the Group Policy store or if it's enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
+Default value is true.
+Value type is bool. Supported operations are Add, Get and Replace.
**/AllowLocalPolicyMerge**
-
Boolean value. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.
-
Default value is true.
-
Value type is bool. Supported operations are Add, Get and Replace.
+Boolean value. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.
+Default value is true.
+
+Value type is bool. Supported operations are Add, Get and Replace.
**/AllowLocalIpsecPolicyMerge**
-
Boolean value. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore.
-
Default value is true.
-
Value type is bool. Supported operations are Add, Get and Replace.
+Boolean value. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore.
+Default value is true.
+
+Value type is bool. Supported operations are Add, Get and Replace.
**/DefaultOutboundAction**
-
This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. DefaultOutboundAction will block all outbound traffic unless it's explicitly specified not to block.
-
-
0x00000000 - allow
-
0x00000001 - block
-
-
Default value is 0 (allow).
-
Value type is integer. Supported operations are Add, Get and Replace.
+This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. DefaultOutboundAction will allow all outbound traffic unless it's explicitly specified not to allow.
+
+- 0x00000000 - allow
+- 0x00000001 - block
+
+Default value is 0 (allow).
+Value type is integer. Supported operations are Add, Get and Replace.
Sample syncxml to provision the firewall settings to evaluate
@@ -261,163 +276,168 @@ Sample syncxml to provision the firewall settings to evaluate
```
+
**/DefaultInboundAction**
-
This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it's configured; otherwise, the local store value is used.
-
-
0x00000000 - allow
-
0x00000001 - block
-
-
Default value is 1 (block).
-
Value type is integer. Supported operations are Add, Get and Replace.
+This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it's configured; otherwise, the local store value is used.
+
+- 0x00000000 - allow
+- 0x00000001 - block
+
+Default value is 1 (block).
+Value type is integer. Supported operations are Add, Get and Replace.
**/DisableStealthModeIpsecSecuredPacketExemption**
-
Boolean value. This option is ignored if DisableStealthMode is true. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.
-
Default value is true.
-
Value type is bool. Supported operations are Add, Get and Replace.
+Boolean value. This option is ignored if DisableStealthMode is true. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.
+Default value is true.
+Value type is bool. Supported operations are Add, Get and Replace.
**FirewallRules**
-
A list of rules controlling traffic through the Windows Firewall. Each Rule ID is OR'ed. Within each rule ID each Filter type is AND'ed.
+A list of rules controlling traffic through the Windows Firewall. Each Rule ID is OR'ed. Within each rule ID each Filter type is AND'ed.
**FirewallRules/_FirewallRuleName_**
-
Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/).
-
Supported operations are Add, Get, Replace, and Delete.
+Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/).
+Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/App**
-
Rules that control connections for an app, program, or service. Specified based on the intersection of the following nodes:
-
-
PackageFamilyName
-
FilePath
-
FQBN
-
ServiceName
-
-
If not specified, the default is All.
-
Supported operation is Get.
+Rules that control connections for an app, program, or service. Specified based on the intersection of the following nodes:
+
+- PackageFamilyName
+- FilePath
+- FQBN
+- ServiceName
+
+If not specified, the default is All.
+Supported operation is Get.
**FirewallRules/_FirewallRuleName_/App/PackageFamilyName**
-
This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application.
-
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/App/FilePath**
-
This App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe.
-
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+This App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/App/Fqbn**
-
Fully Qualified Binary Name
-
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Fully Qualified Binary Name
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/App/ServiceName**
-
This parameter is a service name used in cases when a service, not an application, is sending or receiving traffic.
-
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+This parameter is a service name used in cases when a service, not an application, is sending or receiving traffic.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/Protocol**
-
0-255 number representing the ip protocol (TCP = 6, UDP = 17)
-
If not specified, the default is All.
-
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+0-255 number representing the ip protocol (TCP = 6, UDP = 17)
+If not specified, the default is All.
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/LocalPortRanges**
-
Comma separated list of ranges. For example, 100-120,200,300-320.
-
If not specified, the default is All.
-
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Comma separated list of ranges. For example, 100-120,200,300-320.
+If not specified, the default is All.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/RemotePortRanges**
-
Comma separated list of ranges, For example, 100-120,200,300-320.
-
If not specified, the default is All.
-
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Comma separated list of ranges, For example, 100-120,200,300-320.
+If not specified, the default is All.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/*FirewallRuleName*/LocalAddressRanges**
-
Comma-separated list of local addresses covered by the rule. The default value is "*". Valid tokens include:
-
-
"*" indicates any local address. If present, the local address must be the only token included.
-
A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.
-
A valid IPv6 address.
-
An IPv4 address range in the format of "start address - end address" with no spaces included.
-
An IPv6 address range in the format of "start address - end address" with no spaces included.
-
-
If not specified, the default is All.
-
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Comma-separated list of local addresses covered by the rule. The default value is "*". Valid tokens include:
+
+- "*" indicates any local address. If present, the local address must be the only token included.
+- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.
+- A valid IPv6 address.
+- An IPv4 address range in the format of "start address - end address" with no spaces included.
+- An IPv6 address range in the format of "start address - end address" with no spaces included.
+
+If not specified, the default is All.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/*FirewallRuleName*/RemoteAddressRanges**
-
List of comma separated tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include:
-
-
"*" indicates any remote address. If present, the address must be the only token included.
-
"Defaultgateway"
-
"DHCP"
-
"DNS"
-
"WINS"
-
"Intranet"
-
"RmtIntranet"
-
"Internet"
-
"Ply2Renders"
-
"LocalSubnet" indicates any local address on the local subnet. This token isn't case-sensitive.
-
A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.
-
A valid IPv6 address.
-
An IPv4 address range in the format of "start address - end address" with no spaces included.
-
An IPv6 address range in the format of "start address - end address" with no spaces included.
-
-
If not specified, the default is All.
-
Value type is string. Supported operations are Add, Get, Replace, and Delete.
-
The tokens "Intranet", "RmtIntranet", "Internet" and "Ply2Renders" are supported on Windows 10, version 1809, and later.
+List of comma separated tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include:
+
+- "*" indicates any remote address. If present, the address must be the only token included.
+- "Defaultgateway"
+- "DHCP"
+- "DNS"
+- "WINS"
+- "Intranet"
+- "RmtIntranet"
+- "Internet"
+- "Ply2Renders"
+- "LocalSubnet" indicates any local address on the local subnet. This token isn't case-sensitive.
+- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.
+- A valid IPv6 address.
+- An IPv4 address range in the format of "start address - end address" with no spaces included.
+- An IPv6 address range in the format of "start address - end address" with no spaces included.
+
+If not specified, the default is All.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
+The tokens "Intranet", "RmtIntranet", "Internet" and "Ply2Renders" are supported on Windows 10, version 1809, and later.
**FirewallRules/_FirewallRuleName_/Description**
-
Specifies the description of the rule.
-
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Specifies the description of the rule.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/Enabled**
-
Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true.
-
If not specified - a new rule is enabled by default.
-
Boolean value. Supported operations are Get and Replace.
+Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true.
+If not specified - a new rule is enabled by default.
+Boolean value. Supported operations are Get and Replace.
**FirewallRules/_FirewallRuleName_/Profiles**
-
Specifies the profiles to which the rule belongs: Domain, Private, Public. . See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types.
-
If not specified, the default is All.
-
Value type is integer. Supported operations are Get and Replace.
+Specifies the profiles to which the rule belongs: Domain, Private, or Public. See [FW_PROFILE_TYPE](/openspecs/windows_protocols/ms-fasp/7704e238-174d-4a5e-b809-5f3787dd8acc) for the bitmasks that are used to identify profile types.
+If not specified, the default is All.
+Value type is integer. Supported operations are Get and Replace.
**FirewallRules/_FirewallRuleName_/Action**
-
Specifies the action for the rule.
-
Supported operation is Get.
+Specifies the action for the rule.
+Supported operation is Get.
**FirewallRules/_FirewallRuleName_/Action/Type**
-
Specifies the action the rule enforces. Supported values:
-
-
0 - Block
-
1 - Allow
-
-
If not specified, the default is allow.
-
Value type is integer. Supported operations are Get and Replace.
+Specifies the action the rule enforces. Supported values:
+
+- 0 - Block
+- 1 - Allow
+
+If not specified, the default is allow.
+Value type is integer. Supported operations are Get and Replace.
**FirewallRules/_FirewallRuleName_/Direction**
-
The rule is enabled based on the traffic direction as following. Supported values:
-
-
IN - the rule applies to inbound traffic.
-
OUT - the rule applies to outbound traffic.
-
If not specified, the default is Out.
-
-
Value type is string. Supported operations are Get and Replace.
+The rule is enabled based on the traffic direction as following. Supported values:
+
+- IN - the rule applies to inbound traffic.
+- OUT - the rule applies to outbound traffic.
+- If not specified, the default is Out.
+
+Value type is string. Supported operations are Get and Replace.
**FirewallRules/_FirewallRuleName_/InterfaceTypes**
-
Comma separated list of interface types. Valid values:
-
-
RemoteAccess
-
Wireless
-
Lan
-
-
If not specified, the default is All.
-
Value type is string. Supported operations are Get and Replace.
+Comma separated list of interface types. Valid values:
+
+- RemoteAccess
+- Wireless
+- Lan
+
+If not specified, the default is All.
+Value type is string. Supported operations are Get and Replace.
**FirewallRules/_FirewallRuleName_/EdgeTraversal**
-
Indicates whether edge traversal is enabled or disabled for this rule.
-
The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address.
-
New rules have the EdgeTraversal property disabled by default.
-
Value type is bool. Supported operations are Add, Get, Replace, and Delete.
+Indicates whether edge traversal is enabled or disabled for this rule.
+The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address.
+New rules have the EdgeTraversal property disabled by default.
+Value type is bool. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/LocalUserAuthorizationList**
-
Specifies the list of authorized local users for this rule. This list is a string in Security Descriptor Definition Language (SDDL) format.
-
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Specifies the list of authorized local users for this rule. This list is a string in Security Descriptor Definition Language (SDDL) format.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/Status**
-
Provides information about the specific version of the rule in deployment for monitoring purposes.
-
Value type is string. Supported operation is Get.
+Provides information about the specific version of the rule in deployment for monitoring purposes.
+Value type is string. Supported operation is Get.
**FirewallRules/_FirewallRuleName_/Name**
-
Name of the rule.
-
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Name of the rule.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md
index 1528b38039..c4613e5251 100644
--- a/windows/client-management/mdm/get-inventory.md
+++ b/windows/client-management/mdm/get-inventory.md
@@ -4,7 +4,6 @@ description: The Get Inventory operation retrieves information from the Microsof
MS-HAID:
- 'p\_phdevicemgmt.get\_seatblock'
- 'p\_phDeviceMgmt.get\_inventory'
-ms.assetid: C5485722-FC49-4358-A097-74169B204E74
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md
index 42e72419df..1b91dfb6f8 100644
--- a/windows/client-management/mdm/get-localized-product-details.md
+++ b/windows/client-management/mdm/get-localized-product-details.md
@@ -1,7 +1,6 @@
---
title: Get localized product details
description: The Get localized product details operation retrieves the localization information of a product from the Microsoft Store for Business.
-ms.assetid: EF6AFCA9-8699-46C9-A3BB-CD2750C07901
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md
index b75fe48a08..24ff7dd8f5 100644
--- a/windows/client-management/mdm/get-offline-license.md
+++ b/windows/client-management/mdm/get-offline-license.md
@@ -1,7 +1,6 @@
---
title: Get offline license
description: The Get offline license operation retrieves the offline license information of a product from the Microsoft Store for Business.
-ms.assetid: 08DAD813-CF4D-42D6-A783-994A03AEE051
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md
index 091c5884ce..2b5f901e1d 100644
--- a/windows/client-management/mdm/get-product-details.md
+++ b/windows/client-management/mdm/get-product-details.md
@@ -1,7 +1,6 @@
---
title: Get product details
description: The Get product details operation retrieves the product information from the Microsoft Store for Business for a specific application.
-ms.assetid: BC432EBA-CE5E-43BD-BD54-942774767286
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md
index 42061b81b9..aaeb5a3b5e 100644
--- a/windows/client-management/mdm/get-product-package.md
+++ b/windows/client-management/mdm/get-product-package.md
@@ -1,7 +1,6 @@
---
title: Get product package
description: The Get product package operation retrieves the information about a specific application in the Microsoft Store for Business.
-ms.assetid: 4314C65E-6DDC-405C-A591-D66F799A341F
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md
index 3cb5f24efe..3eb39cbd7c 100644
--- a/windows/client-management/mdm/get-product-packages.md
+++ b/windows/client-management/mdm/get-product-packages.md
@@ -1,7 +1,6 @@
---
title: Get product packages
description: The Get product packages operation retrieves the information about applications in the Microsoft Store for Business.
-ms.assetid: 039468BF-B9EE-4E1C-810C-9ACDD55C0835
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md
index b8b6aa4fa6..d0aec2af0b 100644
--- a/windows/client-management/mdm/get-seat.md
+++ b/windows/client-management/mdm/get-seat.md
@@ -1,7 +1,6 @@
---
title: Get seat
description: The Get seat operation retrieves the information about an active seat for a specified user in the Microsoft Store for Business.
-ms.assetid: 715BAEB2-79FD-4945-A57F-482F9E7D07C6
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md
index 5f70d09f93..a657aa4026 100644
--- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md
+++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md
@@ -1,7 +1,6 @@
---
title: Get seats assigned to a user
description: The Get seats assigned to a user operation retrieves information about assigned seats in the Microsoft Store for Business.
-ms.assetid: CB963E44-8C7C-46F9-A979-89BBB376172B
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md
index 8872ddf1ec..2dc6f0a475 100644
--- a/windows/client-management/mdm/get-seats.md
+++ b/windows/client-management/mdm/get-seats.md
@@ -1,7 +1,6 @@
---
title: Get seats
description: The Get seats operation retrieves the information about active seats in the Microsoft Store for Business.
-ms.assetid: 32945788-47AC-4259-B616-F359D48F4F2F
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index 4933026bdc..4eb0e57c7d 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -1,7 +1,6 @@
---
title: Device HealthAttestation CSP
description: Learn how the DHA-CSP enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions.
-ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,14 +13,25 @@ ms.date:
# Device HealthAttestation CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The Device HealthAttestation configuration service provider (DHA-CSP) enables enterprise IT administrators to assess if a device is booted to a trusted and compliant state, and to take enterprise policy actions.
The following list is a description of the functions performed by the Device HealthAttestation CSP:
-- Collects device boot logs, Trusted Platform Module (TPM) audit trails and the TPM certificate (DHA-BootData) from a managed device
-- Forwards DHA-BootData to a Device Health Attestation Service (DHA-Service)
-- Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
-- Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data)
+- Collects device boot logs, Trusted Platform Module (TPM) audit trails and the TPM certificate (DHA-BootData) from a managed device
+- Forwards DHA-BootData to a Device Health Attestation Service (DHA-Service)
+- Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
+- Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data)
## Windows 11 Device health attestation
@@ -63,6 +73,7 @@ Attestation flow can be broadly in three main steps:
For more information, see [Attestation Protocol](/azure/attestation/virtualization-based-security-protocol).
### Configuration Service Provider Nodes
+
Windows 11 introduces additions to the HealthAttestation CSP node to integrate with Microsoft Azure Attestation service.
```console
@@ -127,7 +138,7 @@ Data fields:
- rpID (Relying Party Identifier): This field contains an identifier that can be used to help determine the caller.
- serviceEndpoint : This field contains the complete URL of the Microsoft Azure Attestation provider instance to be used for evaluation.
- nonce: This field contains an arbitrary number that can be used only once in a cryptographic communication. It's often a random or pseudo-random number issued in an authentication protocol to ensure that old communications can't be reused in replay attacks.
-- aadToken: The AAD token to be used for authentication against the Microsoft Azure Attestation service.
+- aadToken: The Azure Active Directory token to be used for authentication against the Microsoft Azure Attestation service.
- cv: This field contains an identifier(Correlation Vector) that will be passed in to the service call, and that can be used for diagnostics purposes.
Sample Data:
@@ -249,7 +260,7 @@ calls between client and MAA and for each call the GUID is separated by semicolo
```
> [!NOTE]
-> > MAA CSP nodes are available on arm64 but isn't currently supported.
+> MAA CSP nodes are available on arm64 but isn't currently supported.
### MAA CSP Integration Steps
@@ -396,7 +407,7 @@ calls between client and MAA and for each call the GUID is separated by semicolo
};
```
-3. Call TriggerAttestation with your rpid, AAD token and the attestURI: Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. For more information about the api version, see [Attestation - Attest Tpm - REST API](/rest/api/attestation/attestation/attest-tpm).
+3. Call TriggerAttestation with your rpid, Azure Active Directory token and the attestURI: Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. For more information about the api version, see [Attestation - Attest Tpm - REST API](/rest/api/attestation/attestation/attest-tpm).
4. Call GetAttestReport and decode and parse the report to ensure the attested report contains the required properties: GetAttestReport return the signed attestation token as a JWT. The JWT can be decoded to parse the information per the attestation policy.
@@ -574,12 +585,12 @@ Provides the current status of the device health request.
The supported operation is Get.
-The following list shows some examples of supported values. For the complete list of status, see Device HealthAttestation CSP status and error codes.
+The following list shows some examples of supported values. For the complete list of status, see [Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes).
-- 0 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_UNINITIALIZED): DHA-CSP is preparing a request to get a new DHA-EncBlob from DHA-Service
-- 1 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_REQUESTED): DHA-CSP is waiting for the DHA-Service to respond back, and issue a DHA-EncBlob to the device
-- 2 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_FAILED): A valid DHA-EncBlob couldn't be retrieved from the DHA-Service for reasons other than discussed in the DHA error/status codes
-- 3 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_COMPLETE): DHA-Data is ready for pickup
+- 0 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_UNINITIALIZED): DHA-CSP is preparing a request to get a new DHA-EncBlob from DHA-Service
+- 1 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_REQUESTED): DHA-CSP is waiting for the DHA-Service to respond back, and issue a DHA-EncBlob to the device
+- 2 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_FAILED): A valid DHA-EncBlob couldn't be retrieved from the DHA-Service for reasons other than discussed in the DHA error/status codes
+- 3 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_COMPLETE): DHA-Data is ready for pickup
**ForceRetrieve** (Optional)
@@ -623,14 +634,14 @@ Value type is integer. The supported operation is Get.
The following list of validation and development tasks are required for integrating the Microsoft Device Health Attestation feature with a Windows Mobile device management solution (MDM):
-1. [Verify HTTPS access](#verify-access)
-2. [Assign an enterprise trusted DHA-Service](#assign-trusted-dha-service)
-3. [Instruct client to prepare DHA-data for verification](#prepare-health-data)
-4. [Take action based on the clients response](#take-action-client-response)
-5. [Instruct the client to forward DHA-data for verification](#forward-health-attestation)
-6. [Post DHA-data to DHA-service](#forward-data-to-has)
-7. [Receive response from DHA-service](#receive-has-response)
-8. [Parse DHA-Report data. Take appropriate policy action based on evaluation results](#take-policy-action)
+1. [Verify HTTPS access](#verify-access)
+2. [Assign an enterprise trusted DHA-Service](#assign-trusted-dha-service)
+3. [Instruct client to prepare DHA-data for verification](#prepare-health-data)
+4. [Take action based on the clients response](#take-action-client-response)
+5. [Instruct the client to forward DHA-data for verification](#forward-health-attestation)
+6. [Post DHA-data to DHA-service](#forward-data-to-has)
+7. [Receive response from DHA-service](#receive-has-response)
+8. [Parse DHA-Report data. Take appropriate policy action based on evaluation results](#take-policy-action)
Each step is described in detail in the following sections of this topic.
@@ -688,6 +699,7 @@ SSL-Session:
### Step 2: Assign an enterprise trusted DHA-Service
There are three types of DHA-Service:
+
- Device Health Attestation – Cloud (owned and operated by Microsoft)
- Device Health Attestation – On Premise (owned and operated by an enterprise, runs on Windows Server 2016 on premises)
- Device Health Attestation - Enterprise-Managed Cloud (owned and operated by an enterprise, runs on Windows Server 2016 compatible enterprise-managed cloud)
@@ -738,7 +750,6 @@ The following example shows a sample call that triggers collection and verificat
### Step 4: Take action based on the client's response
-
After the client receives the health attestation request, it sends a response. The following list describes the responses, along with a recommended action to take.
- If the response is HEALTHATTESTATION\_CERT_RETRIEVAL_COMPLETE (3) then proceed to the next section.
@@ -762,11 +773,11 @@ Here's a sample alert that is issued by DHA_CSP:
```
+
- If the response to the status node isn't 0, 1 or 3, then troubleshoot the issue. For the complete list of status codes, see [Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes).
### Step 5: Instruct the client to forward health attestation data for verification
-
Create a call to the **Nonce**, **Certificate** and **CorrelationId** nodes, and pick up an encrypted payload that includes a health certificate and related data from the device.
Here's an example:
@@ -823,24 +834,23 @@ When the MDM-Server receives the above data, it must:
- Forward (HTTP Post) the XML data struct (including the nonce that was appended in the previous step) to the assigned DHA-Service that runs on:
- - DHA-Cloud (Microsoft owned and operated DHA-Service) scenario: https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3
- - DHA-OnPrem or DHA-EMC: https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3
-
-
+ - DHA-Cloud (Microsoft owned and operated DHA-Service) scenario: `https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3`
+ - DHA-OnPrem or DHA-EMC: `https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3`
### Step 7: Receive response from the DHA-service
When the Microsoft Device Health Attestation Service receives a request for verification, it performs the following steps:
+
- Decrypts the encrypted data it receives.
-- Validates the data it has received
-- Creates a report, and shares the evaluation results to the MDM server via SSL in XML format
+- Validates the data it has received.
+- Creates a report, and shares the evaluation results to the MDM server via SSL in XML format.
### Step 8: Take appropriate policy action based on evaluation results
After the MDM server receives the verified data, the information can be used to make policy decisions by evaluating the data. Some possible actions would be:
-- Allow the device access.
-- Allow the device to access the resources, but flag the device for further investigation.
-- Prevent a device from accessing resources.
+- Allow the device access.
+- Allow the device to access the resources, but flag the device for further investigation.
+- Prevent a device from accessing resources.
The following list of data points is verified by the DHA-Service in DHA-Report version 3:
@@ -890,8 +900,8 @@ If AIKPresent = True (1), then allow access.
If AIKPresent = False (0), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI assets
+- Disallow all access.
+- Disallow access to HBI assets.
- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
- Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
@@ -911,21 +921,21 @@ Data Execution Prevention (DEP) Policy defines a set of hardware and software te
DEPPolicy can be disabled or enabled by using the following commands in WMI or a PowerShell script:
-- To disable DEP, type **bcdedit.exe /set {current} nx AlwaysOff**
-- To enable DEP, type **bcdedit.exe /set {current} nx AlwaysOn**
+- To disable DEP, type **bcdedit.exe /set {current} nx AlwaysOff**
+- To enable DEP, type **bcdedit.exe /set {current} nx AlwaysOn**
If DEPPolicy = 1 (On), then allow access.
If DEPPolicy = 0 (Off), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI assets
-- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
-- Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
+- Disallow all access.
+- Disallow access to HBI assets.
+- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
+- Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
**BitLockerStatus** (at boot time)
-When BitLocker is reported "on" at boot time, the device is able to protect data that is stored on the drive from unauthorized access, when the system is turned off or goes to hibernation.
+When BitLocker is reported "on" at boot time, the device is able to protect data that is stored on the drive from unauthorized access, when the system is turned off or goes to hibernation.
Windows BitLocker Drive Encryption, encrypts all data stored on the Windows operating system volume. BitLocker uses the TPM to help protect the Windows operating system and user data and helps to ensure that a computer isn't tampered with, even if it's left unattended, lost, or stolen.
@@ -935,10 +945,10 @@ If BitLockerStatus = 1 (On), then allow access.
If BitLockerStatus = 0 (Off), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI assets
-- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
-- Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
+- Disallow all access.
+- Disallow access to HBI assets.
+- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
+- Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
**BootManagerRevListVersion**
@@ -946,12 +956,12 @@ This attribute indicates the version of the Boot Manager that is running on the
If BootManagerRevListVersion = [CurrentVersion], then allow access.
-If BootManagerRevListVersion != [CurrentVersion], then take one of the following actions that align with your enterprise policies:
+If `BootManagerRevListVersion !`= [CurrentVersion], then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI and MBI assets
-- Place the device in a watch list to monitor the device more closely for potential risks.
-- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
+- Disallow all access.
+- Disallow access to HBI and MBI assets.
+- Place the device in a watch list to monitor the device more closely for potential risks.
+- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
**CodeIntegrityRevListVersion**
@@ -959,12 +969,12 @@ This attribute indicates the version of the code that is performing integrity ch
If CodeIntegrityRevListVersion = [CurrentVersion], then allow access.
-If CodeIntegrityRevListVersion != [CurrentVersion], then take one of the following actions that align with your enterprise policies:
+If `CodeIntegrityRevListVersion !`= [CurrentVersion], then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI and MBI assets
-- Place the device in a watch list to monitor the device more closely for potential risks.
-- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
+- Disallow all access.
+- Disallow access to HBI and MBI assets.
+- Place the device in a watch list to monitor the device more closely for potential risks.
+- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
**SecureBootEnabled**
@@ -974,10 +984,10 @@ If SecureBootEnabled = 1 (True), then allow access.
If SecurebootEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI assets
-- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
-- Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
+- Disallow all access.
+- Disallow access to HBI assets.
+- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
+- Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
**BootDebuggingEnabled**
@@ -985,17 +995,17 @@ Boot debug-enabled points to a device that is used in development and testing. D
Boot debugging can be disabled or enabled by using the following commands in WMI or a PowerShell script:
-- To disable boot debugging, type **bcdedit.exe /set {current} bootdebug off**
-- To enable boot debugging, type **bcdedit.exe /set {current} bootdebug on**
+- To disable boot debugging, type **bcdedit.exe /set {current} bootdebug off**.
+- To enable boot debugging, type **bcdedit.exe /set {current} bootdebug on**.
If BootdebuggingEnabled = 0 (False), then allow access.
If BootDebuggingEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI assets
-- Place the device in a watch list to monitor the device more closely for potential risks.
-- Trigger a corrective action, such as enabling VSM using WMI or a PowerShell script.
+- Disallow all access.
+- Disallow access to HBI assets.
+- Place the device in a watch list to monitor the device more closely for potential risks.
+- Trigger a corrective action, such as enabling VSM using WMI or a PowerShell script.
**OSKernelDebuggingEnabled**
@@ -1005,10 +1015,10 @@ If OSKernelDebuggingEnabled = 0 (False), then allow access.
If OSKernelDebuggingEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI assets
-- Place the device in a watch list to monitor the device more closely for potential risks.
-- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
+- Disallow all access.
+- Disallow access to HBI assets.
+- Place the device in a watch list to monitor the device more closely for potential risks.
+- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
**CodeIntegrityEnabled**
@@ -1022,10 +1032,10 @@ If CodeIntegrityEnabled = 1 (True), then allow access.
If CodeIntegrityEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI assets
-- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
-- Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
+- Disallow all access.
+- Disallow access to HBI assets.
+- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
+- Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
**TestSigningEnabled**
@@ -1033,17 +1043,17 @@ When test signing is enabled, the device doesn't enforce signature validation du
Test signing can be disabled or enabled by using the following commands in WMI or a PowerShell script:
-- To disable boot debugging, type **bcdedit.exe /set {current} testsigning off**
-- To enable boot debugging, type **bcdedit.exe /set {current} testsigning on**
+- To disable boot debugging, type **bcdedit.exe /set {current} testsigning off**.
+- To enable boot debugging, type **bcdedit.exe /set {current} testsigning on**.
If TestSigningEnabled = 0 (False), then allow access.
If TestSigningEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI and MBI assets
-- Place the device in a watch list to monitor the device more closely for potential risks.
-- Trigger a corrective action, such as enabling test signing using WMI or a PowerShell script.
+- Disallow all access.
+- Disallow access to HBI and MBI assets.
+- Place the device in a watch list to monitor the device more closely for potential risks.
+- Trigger a corrective action, such as enabling test signing using WMI or a PowerShell script.
**SafeMode**
@@ -1053,9 +1063,9 @@ If SafeMode = 0 (False), then allow access.
If SafeMode = 1 (True), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI assets
-- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
+- Disallow all access.
+- Disallow access to HBI assets.
+- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
**WinPE**
@@ -1067,7 +1077,7 @@ If WinPE = 1 (True), then limit access to remote resources that are required for
**ELAMDriverLoaded** (Windows Defender)
-To use this reporting feature, you must disable "Hybrid Resume" on the device. Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.
+To use this reporting feature, you must disable "Hybrid Resume" on the device. Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.
In the current release, this attribute only monitors/reports if a Microsoft first-party ELAM (Windows Defender) was loaded during initial boot.
@@ -1077,9 +1087,9 @@ If a device is expected to use Windows Defender and ELAMDriverLoaded = 1 (True),
If a device is expected to use Windows Defender and ELAMDriverLoaded = 0 (False), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI assets
-- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
+- Disallow all access.
+- Disallow access to HBI assets.
+- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
**Bcdedit.exe /set {current} vsmlaunchtype auto**
@@ -1087,9 +1097,9 @@ If ELAMDriverLoaded = 1 (True), then allow access.
If ELAMDriverLoaded = 0 (False), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI assets
-- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
+- Disallow all access.
+- Disallow access to HBI assets.
+- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
**VSMEnabled**
@@ -1102,8 +1112,8 @@ VSM can be enabled by using the following command in WMI or a PowerShell script:
If VSMEnabled = 1 (True), then allow access.
If VSMEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Disallow access to HBI assets
+- Disallow all access.
+- Disallow access to HBI assets.
- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue
**PCRHashAlgorithmID**
@@ -1118,7 +1128,7 @@ If reported BootAppSVN equals an accepted value, then allow access.
If reported BootAppSVN doesn't equal an accepted value, then take one of the following actions that align with your enterprise policies:
-- Disallow all access
+- Disallow all access.
- Direct the device to an enterprise honeypot, to further monitor the device's activities.
**BootManagerSVN**
@@ -1129,7 +1139,7 @@ If reported BootManagerSVN equals an accepted value, then allow access.
If reported BootManagerSVN doesn't equal an accepted value, then take one of the following actions that align with your enterprise policies:
-- Disallow all access
+- Disallow all access.
- Direct the device to an enterprise honeypot, to further monitor the device's activities.
**TPMVersion**
@@ -1153,13 +1163,12 @@ The measurement that is captured in PCR[0] typically represents a consistent vie
Enterprise managers can create an allowlist of trusted PCR[0] values, compare the PCR[0] value of the managed devices (the value that is verified and reported by HAS) with the allowlist, and then make a trust decision based on the result of the comparison.
If your enterprise doesn't have an allowlist of accepted PCR[0] values, then take no action.
-
If PCR[0] equals an accepted allowlist value, then allow access.
If PCR[0] doesn't equal any accepted listed value, then take one of the following actions that align with your enterprise policies:
-- Disallow all access
-- Direct the device to an enterprise honeypot, to further monitor the device's activities.
+- Disallow all access.
+- Direct the device to an enterprise honeypot, to further monitor the device's activities.
**SBCPHash**
@@ -1169,7 +1178,7 @@ If SBCPHash isn't present, or is an accepted allow-listed value, then allow acce
If SBCPHash is present in DHA-Report, and isn't an allowlisted value, then take one of the following actions that align with your enterprise policies:
-- Disallow all access
+- Disallow all access.
- Place the device in a watch list to monitor the device more closely for potential risks.
**CIPolicy**
@@ -1180,7 +1189,7 @@ If CIPolicy isn't present, or is an accepted allow-listed value, then allow acce
If CIPolicy is present and isn't an allow-listed value, then take one of the following actions that align with your enterprise policies:
-- Disallow all access
+- Disallow all access.
- Place the device in a watch list to monitor the device more closely for potential risks.
**BootRevListInfo**
@@ -1191,7 +1200,7 @@ If reported BootRevListInfo version equals an accepted value, then allow access.
If reported BootRevListInfo version doesn't equal an accepted value, then take one of the following actions that align with your enterprise policies:
-- Disallow all access
+- Disallow all access.
- Direct the device to an enterprise honeypot, to further monitor the device's activities.
**OSRevListInfo**
@@ -1202,7 +1211,7 @@ If reported OSRevListInfo version equals an accepted value, then allow access.
If reported OSRevListInfo version doesn't equal an accepted value, then take one of the following actions that align with your enterprise policies:
-- Disallow all access
+- Disallow all access.
- Direct the device to an enterprise honeypot, to further monitor the device's activities.
**HealthStatusMismatchFlags**
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index 6272e91bf1..65cf48aeb7 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -1,7 +1,6 @@
---
title: HealthAttestation DDF
description: Learn about the OMA DM device description framework (DDF) for the HealthAttestation configuration service provider.
-ms.assetid: D20AC78D-D2D4-434B-B9FD-294BCD9D1DDE
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png b/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png
index 1e315bc4b1..d134a5fcb2 100644
Binary files a/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png and b/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png differ
diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
index 35bed03a19..e17aa75f60 100644
--- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md
+++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
@@ -80,17 +80,17 @@ Since the [Poll](dmclient-csp.md#provider-providerid-poll) node isn’t provided
MAM on Windows supports the following configuration service providers (CSPs). All other CSPs will be blocked. Note the list may change later based on customer feedback:
-- [AppLocker CSP](applocker-csp.md) for configuration of WIP enterprise allowed apps.
+- [AppLocker CSP](applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps.
- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs.
- [DeviceStatus CSP](devicestatus-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
- [DevInfo CSP](devinfo-csp.md).
- [DMAcc CSP](dmacc-csp.md).
- [DMClient CSP](dmclient-csp.md) for polling schedules configuration and MDM discovery URL.
-- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has WIP policies.
+- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has Windows Information Protection policies.
- [Health Attestation CSP](healthattestation-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
- [PassportForWork CSP](passportforwork-csp.md) for Windows Hello for Business PIN management.
- [Policy CSP](policy-configuration-service-provider.md) specifically for NetworkIsolation and DeviceLock areas.
-- [Reporting CSP](reporting-csp.md) for retrieving WIP logs.
+- [Reporting CSP](reporting-csp.md) for retrieving Windows Information Protection logs.
- [RootCaTrustedCertificates CSP](rootcacertificates-csp.md).
- [VPNv2 CSP](vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
- [WiFi CSP](wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
@@ -116,13 +116,13 @@ MAM policy syncs are modeled after MDM. The MAM client uses an Azure AD token to
Windows doesn't support applying both MAM and MDM policies to the same devices. If configured by the admin, users can change their MAM enrollment to MDM.
> [!NOTE]
-> When users upgrade from MAM to MDM on Windows Home edition, they lose access to WIP. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade.
+> When users upgrade from MAM to MDM on Windows Home edition, they lose access to Windows Information Protection. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade.
To configure MAM device for MDM enrollment, the admin needs to configure the MDM Discovery URL in the DMClient CSP. This URL will be used for MDM enrollment.
-In the process of changing MAM enrollment to MDM, MAM policies will be removed from the device after MDM policies have been successfully applied. Normally when WIP policies are removed from the device, the user’s access to WIP-protected documents is revoked (selective wipe) unless EDP CSP RevokeOnUnenroll is set to false. To prevent selective wipe on enrollment change from MAM to MDM, the admin needs to ensure that:
+In the process of changing MAM enrollment to MDM, MAM policies will be removed from the device after MDM policies have been successfully applied. Normally when Windows Information Protection policies are removed from the device, the user’s access to WIP-protected documents is revoked (selective wipe) unless EDP CSP RevokeOnUnenroll is set to false. To prevent selective wipe on enrollment change from MAM to MDM, the admin needs to ensure that:
-- Both MAM and MDM policies for the organization support WIP.
+- Both MAM and MDM policies for the organization support Windows Information Protection.
- EDP CSP Enterprise ID is the same for both MAM and MDM.
- EDP CSP RevokeOnMDMHandoff is set to false.
diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md
index 7fe9cd95eb..5bd11c744d 100644
--- a/windows/client-management/mdm/index.md
+++ b/windows/client-management/mdm/index.md
@@ -1,28 +1,28 @@
---
title: Mobile device management
-description: Windows 10 and Windows 11 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy
+description: Windows 10 and Windows 11 provide an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy.
MS-HAID:
- 'p\_phDeviceMgmt.provisioning\_and\_device\_management'
- 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm'
-ms.assetid: 50ac90a7-713e-4487-9cb9-b6d6fdaa4e5b
-ms.author: dansimp
-ms.topic: article
+ms.topic: overview
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: aczechowski
+ms.author: aaroncz
ms.collection: highpri
+ms.date: 06/03/2022
---
# Mobile device management
-Windows 10 and Windows 11 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users' privacy on their personal devices. A built-in management component can communicate with the management server.
+Windows 10 and Windows 11 provide an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users' privacy on their personal devices. A built-in management component can communicate with the management server.
-There are two parts to the Windows management component:
+There are two parts to the Windows management component:
-- The enrollment client, which enrolls and configures the device to communicate with the enterprise management server.
-- The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT.
+- The enrollment client, which enrolls and configures the device to communicate with the enterprise management server.
+- The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT.
-Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers don't need to create or download a client to manage Windows 10. For details about the MDM protocols, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692).
+Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers don't need to create or download a client to manage Windows 10. For details about the MDM protocols, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692).
## MDM security baseline
@@ -37,7 +37,7 @@ The MDM security baseline includes policies that cover the following areas:
- Legacy technology policies that offer alternative solutions with modern technology
- And much more
-For more details about the MDM policies defined in the MDM security baseline and what Microsoft's recommended baseline policy values are, see:
+For more information about the MDM policies defined in the MDM security baseline and what Microsoft's recommended baseline policy values are, see:
- [MDM Security baseline for Windows 11](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/Windows11-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip)
@@ -48,37 +48,27 @@ For more details about the MDM policies defined in the MDM security baseline and
For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
-
-
-## Learn about migrating to MDM
-
-When an organization wants to move to MDM to manage devices, they should prepare by analyzing their current Group Policy settings to see what they need to transition to MDM management. Microsoft created the [MDM Migration Analysis Tool](https://aka.ms/mmat/) (MMAT) to help. MMAT determines which Group Policies have been set for a target user or computer and then generates a report that lists the level of support for each policy setting in MDM equivalents. For more information, see [MMAT Instructions](https://github.com/WindowsDeviceManagement/MMAT/blob/master/MDM%20Migration%20Analysis%20Tool%20Instructions.pdf).
-
-
## Learn about device enrollment
-
-- [Mobile device enrollment](mobile-device-enrollment.md)
-- [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
-- [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
-- [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
+- [Mobile device enrollment](mobile-device-enrollment.md)
+- [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
+- [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
+- [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
## Learn about device management
-
-- [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
-- [Enterprise app management](enterprise-app-management.md)
-- [Mobile device management (MDM) for device updates](device-update-management.md)
-- [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md)
-- [OMA DM protocol support](oma-dm-protocol-support.md)
-- [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md)
-- [Server requirements for OMA DM](server-requirements-windows-mdm.md)
-- [Enterprise settings, policies, and app management](windows-mdm-enterprise-settings.md)
+- [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
+- [Enterprise app management](enterprise-app-management.md)
+- [Mobile device management (MDM) for device updates](device-update-management.md)
+- [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md)
+- [OMA DM protocol support](oma-dm-protocol-support.md)
+- [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md)
+- [Server requirements for OMA DM](server-requirements-windows-mdm.md)
+- [Enterprise settings, policies, and app management](windows-mdm-enterprise-settings.md)
## Learn about configuration service providers
-
-- [Configuration service provider reference](configuration-service-provider-reference.md)
-- [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md)
-- [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md)
-- [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal)
+- [Configuration service provider reference](configuration-service-provider-reference.md)
+- [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md)
+- [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md)
+- [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal)
diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
index d210a1ee7e..c472c83092 100644
--- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
+++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
@@ -4,7 +4,6 @@ description: The Microsoft Store for Business has a new web service designed for
MS-HAID:
- 'p\_phdevicemgmt.business\_store\_portal\_management\_tool'
- 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business'
-ms.assetid: 0E39AE85-1703-4B24-9A7F-831C6455068F
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index 632623eed5..ddd397d1dc 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -4,7 +4,6 @@ description: Learn about mobile device management (MDM) enrollment of Windows 10
MS-HAID:
- 'p\_phdevicemgmt.enrollment\_ui'
- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices'
-ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -274,7 +273,7 @@ The deep link used for connecting your device to work will always use the follow
| Parameter | Description | Supported Value for Windows 10|
|-----------|--------------------------------------------------------------|----------------------------------------------|
-| mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory Joined (AADJ). |
+| mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory-joined. |
|username | Specifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703. | string |
| servername | Specifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703. | string|
| accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string |
@@ -283,7 +282,7 @@ The deep link used for connecting your device to work will always use the follow
| ownership | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned |
> [!NOTE]
-> AWA and AADJ values for mode are only supported on Windows 10, version 1709 and later.
+> AWA and Azure Active Directory-joined values for mode are only supported on Windows 10, version 1709 and later.
### Connect to MDM using a deep link
diff --git a/windows/client-management/mdm/messaging-csp.md b/windows/client-management/mdm/messaging-csp.md
deleted file mode 100644
index b50647fabd..0000000000
--- a/windows/client-management/mdm/messaging-csp.md
+++ /dev/null
@@ -1,113 +0,0 @@
----
-title: Messaging CSP
-description: Use the Messaging configuration service provider (CSP) to configure the ability to get text messages audited on a mobile device.
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: dansimp
-ms.date: 06/26/2017
-ms.reviewer:
-manager: dansimp
----
-
-# Messaging CSP
-
-The Messaging configuration service provider is used to configure the ability to get text messages audited on a mobile device. This CSP was added in Windows 10, version 1703.
-
-The following shows the Messaging configuration service provider in tree format.
-
-```console
-./User/Vendor/MSFT
-Messaging
-----AuditingLevel
-----Auditing
---------Messages
-----------Count
-----------RevisionId
-----------Data
-```
-
-**./User/Vendor/MSFT/Messaging**
-
-
Root node for the Messaging configuration service provider.
-
-**AuditingLevel**
-
Turns on the "Text" auditing feature.
-
The following list shows the supported values:
-
-
0 (Default) - Off
-
1 - On
-
-
Supported operations are Get and Replace.
-
-**Auditing**
-
Node for auditing.
-
Supported operation is Get.
-
-**Messages**
-
Node for messages.
-
Supported operation is Get.
-
-**Count**
-
The number of messages to return in the Data setting. The default is 100.
-
Supported operations are Get and Replace.
-
-**RevisionId**
-
Retrieves messages whose revision ID is greater than RevisionId.
-
Supported operations are Get and Replace.
-
-**Data**
-
The JSON string of text messages on the device.
-
Supported operations are Get and Replace.
-
-
-**SyncML example**
-
-```xml
-
-
-
- 2
-
-
-
- ./User/Vendor/MSFT/Messaging/Auditing/Messages/Count
-
-
-
- int
- text/plain
-
- 100
-
-
-
- 3
-
-
-
- ./User/Vendor/MSFT/Messaging/Auditing/Messages/RevisionId
-
-
-
- chr
- text/plain
-
- 0
-
-
-
- 4
-
-
-
- ./User/Vendor/MSFT/Messaging/Auditing/Messages/Data
-
-
-
-
-
-
-
-```
diff --git a/windows/client-management/mdm/messaging-ddf.md b/windows/client-management/mdm/messaging-ddf.md
deleted file mode 100644
index efdad0e72a..0000000000
--- a/windows/client-management/mdm/messaging-ddf.md
+++ /dev/null
@@ -1,182 +0,0 @@
----
-title: Messaging DDF file
-description: Utilize the OMA DM device description framework (DDF) for the Messaging configuration service provider.
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: dansimp
-ms.date: 12/05/2017
-ms.reviewer:
-manager: dansimp
----
-
-# Messaging DDF file
-
-This topic shows the OMA DM device description framework (DDF) for the Messaging configuration service provider. This CSP was added in Windows 10, version 1703.
-
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-
-The XML below is the current version for this CSP.
-
-```xml
-
-]>
-
- 1.2
-
- Messaging
- ./User/Vendor/MSFT
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- AuditingLevel
-
-
-
-
-
- 0
- Turns on the 'Text' auditing feature. 0 = off, 1 = on
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- Auditing
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Messages
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Count
-
-
-
-
-
- 100
- Number of messages to return in the 'Data' element
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- RevisionId
-
-
-
-
-
- 0
- Retrieves messages whose revision id is greater than the 'RevisionId'
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- Data
-
-
-
-
- JSON string of 'text' messages on the device
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
-
-
-
-
-```
diff --git a/windows/client-management/mdm/mobile-device-enrollment.md b/windows/client-management/mdm/mobile-device-enrollment.md
index 7a55677360..b02ed00f8b 100644
--- a/windows/client-management/mdm/mobile-device-enrollment.md
+++ b/windows/client-management/mdm/mobile-device-enrollment.md
@@ -1,7 +1,6 @@
---
title: Mobile device enrollment
description: Learn how mobile device enrollment verifies that only authenticated and authorized devices can be managed by their enterprise.
-ms.assetid: 08C8B3DB-3263-414B-A368-F47B94F47A11
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md
index aa2284255f..3a2861bbf1 100644
--- a/windows/client-management/mdm/multisim-csp.md
+++ b/windows/client-management/mdm/multisim-csp.md
@@ -13,6 +13,16 @@ manager: dansimp
# MultiSIM CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The MultiSIM configuration service provider (CSP) is used by the enterprise to manage devices with dual SIM single active configuration. An enterprise can set policies on whether that user can switch between SIM slots, specify which slot is the default, and whether the slot is embedded. This CSP was added in Windows 10, version 1803.
diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md
index c29289fd2b..f2e5e008b4 100644
--- a/windows/client-management/mdm/nap-csp.md
+++ b/windows/client-management/mdm/nap-csp.md
@@ -1,7 +1,6 @@
---
title: NAP CSP
description: Learn how the Network Access Point (NAP) configuration service provider (CSP) is used to manage and query GPRS and CDMA connections.
-ms.assetid: 82f04492-88a6-4afd-af10-a62b8d444d21
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,17 @@ ms.date: 06/26/2017
# NAP CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The NAP (Network Access Point) Configuration Service Provider is used to manage and query GPRS and CDMA connections.
> [!Note]
@@ -67,7 +77,7 @@ Root node.
***NAPX***
Required. Defines the name of the network access point.
-It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two network access points, use "NAP0" and "NAP1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead).
+It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two network access points, use "NAP0" and "NAP1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), however, no spaces may appear in the name (use %20 instead).
***NAPX*/NAPID**
Required. Specifies the identifier of the destination network.
@@ -97,7 +107,7 @@ The following table shows some commonly used ADDRTYPE values and the types of co
Optional node. Specifies the authentication information, including the protocol, user name, and password.
***NAPX*/AuthInfo/AuthType**
-Optional. Specifies the method of authentication. Some supported protocols are PAP, CHAP, HTTP-BASIC, HTTP-DIGEST, WTLS-SS, MD5.
+Optional. Specifies the method of authentication. Some supported protocols are PAP, CHAP, HTTP-BASIC, HTTP-DIGEST, WTLS-SS, and MD5.
***NAPX*/AuthInfo/AuthName**
Optional. Specifies the user name and domain to be used during authentication. This field is in the form *Domain*\\*UserName*.
@@ -111,7 +121,8 @@ Queries of this field will return a string composed of 16 asterisks (\*).
Node.
***NAPX*/Bearer/BearerType**
-Required. Specifies the network type of the destination network. This parameter's value can be set to GPRS, CDMA2000, WCDMA, TDMA, CSD, DTPT, WiFi.
+
+Required. Specifies the network type of the destination network. This can be set to GPRS, CDMA2000, WCDMA, TDMA, CSD, DTPT, and Wi-Fi.
## Related articles
diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md
index 075e0f6619..c93d4789ae 100644
--- a/windows/client-management/mdm/napdef-csp.md
+++ b/windows/client-management/mdm/napdef-csp.md
@@ -1,7 +1,6 @@
---
title: NAPDEF CSP
description: Learn how the NAPDEF configuration service provider (CSP) is used to add, modify, or delete WAP network access points (NAPs).
-ms.assetid: 9bcc65dd-a72b-4f90-aba7-4066daa06988
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,18 @@ ms.date: 06/26/2017
# NAPDEF CSP
-The NAPDEF configuration service provider is used to add, modify, or delete WAP network access points (NAPs). For complete information about these settings, see the standard WAP specification WAP-183-ProvCont-20010724-a.
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+The NAPDEF configuration service provider is used to add, modify, or delete WAP Network Access Points (NAPs). For complete information about these settings, see the standard WAP specification WAP-183-ProvCont-20010724-a.
> [!Note]
> You cannot use NAPDEF CSP on the desktop to update the Push Proxy Gateway (PPG) list.
@@ -71,7 +81,7 @@ A query of this parameter returns asterisks (\*) in the results.
**AUTHTYPE**
Specifies the protocol used to authenticate the user.
-The only permitted values for this element are "POP" (Password Authentication Protocol) and "CHAP" (Challenge Handshake Authentication Protocol) authentication protocols. Note
+The only permitted values for this element are "POP" (Password Authentication Protocol) and "CHAP" (Challenge Handshake Authentication Protocol) authentication protocols.
> [!Note]
> **AuthName** and **AuthSecret** are not created if **AuthType** isn't included in the initial device configuration. **AuthName** and **AuthSecret** cannot be changed if **AuthType** isn't included in the provisioning XML used to make the change.
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index 743fe416fa..47b33480b1 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -13,11 +13,22 @@ manager: dansimp
# NetworkProxy CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. These settings do not apply to VPN connections. This CSP was added in Windows 10, version 1703.
How the settings work:
-- If auto-detect is enabled, the system tries to find the path to a proxy auto config (PAC) script and download it.
+- If auto-detect is enabled, the system tries to find the path to a Proxy Auto Config (PAC) script and download it.
- If #1 fails and a setup script is specified, the system tries to download the explicitly configured PAC script.
- If #2 fails and a proxy server is specified, the system tries to use the explicitly configured proxy server.
- Otherwise, the system tries to reach the site directly.
diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md
index cf15fbcacc..5f455a3e9c 100644
--- a/windows/client-management/mdm/networkqospolicy-csp.md
+++ b/windows/client-management/mdm/networkqospolicy-csp.md
@@ -13,6 +13,17 @@ manager: dansimp
# NetworkQoSPolicy CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. This CSP was added in Windows 10, version 1703.
The following conditions are supported:
@@ -71,7 +82,7 @@ NetworkQoSPolicy
The supported operations are Add, Get, Delete, and Replace.
***Name*/AppPathNameMatchCondition**
-
Specifies the name of an application to be used to match the network traffic, such as application.exe or %ProgramFiles%\application.exe.
+
Specifies the name of an application to be used to match the network traffic, such as `application.exe` or `%ProgramFiles%\application.exe`.
The data type is char.
@@ -111,7 +122,7 @@ NetworkQoSPolicy
The supported operations are Add, Get, Delete, and Replace.
***Name*/DSCPAction**
-
The differentiated services code point (DSCP) value to apply to matching network traffic.
+
The Differentiated Services Code Point (DSCP) value to apply to matching network traffic.
Valid values are 0-63.
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index 379f5051ca..0ba34a7805 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -1,7 +1,6 @@
---
title: NetworkQoSPolicy DDF
description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid:
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 90157cf9e6..1c9068aa93 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -4,7 +4,6 @@ description: Discover what's new and breaking changes in Windows 10 and Windows
MS-HAID:
- 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview'
- 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management'
-ms.assetid: 9C42064F-091C-4901-BC73-9ABE79EE4224
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -89,7 +88,7 @@ For information about EAP Settings, see .
+For more information about extended key usage, see .
For information about adding extended key usage (EKU) to a certificate, see .
@@ -250,7 +249,7 @@ Alternatively you can use the following procedure to create an EAP Configuration
After the MDM client automatically renews the WNS channel URI, the MDM client will immediately check-in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary.
-### User provisioning failure in Azure Active Directory joined Windows 10 and Windows 11 devices
+### User provisioning failure in Azure Active Directory-joined Windows 10 and Windows 11 devices
In Azure AD joined Windows 10 and Windows 11, provisioning /.User resources fails when the user isn't logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, ensure to sign out and sign in with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design.
@@ -270,7 +269,7 @@ The DM agent for [push-button reset](/windows-hardware/manufacture/desktop/push-
No. Only one MDM is allowed.
-### How do I set the maximum number of Azure Active Directory joined devices per user?
+### How do I set the maximum number of Azure Active Directory-joined devices per user?
1. Sign in to the portal as tenant admin: https://portal.azure.com.
2. Select Active Directory on the left pane.
diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md
index 039ac5d742..09715dd733 100644
--- a/windows/client-management/mdm/nodecache-csp.md
+++ b/windows/client-management/mdm/nodecache-csp.md
@@ -1,7 +1,6 @@
---
title: NodeCache CSP
description: Use the NodeCache configuration service provider (CSP) to synchronize, monitor, and manage the client cache.
-ms.assetid: b4dd2b0d-79ef-42ac-ab5b-ee07b3097876
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 06/26/2017
# NodeCache CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The NodeCache configuration service provider is used to manage the client cache. This configuration service provider is to be used only by enterprise management servers. It provides a level of abstraction that decouples the management of the node list from a specific backing store. It synchronizes the client cache with the server side cache. It also provides an API for monitoring device-side cache changes.
@@ -72,7 +81,7 @@ NodeCache
Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This parameter's value is a predefined MIME type to identify this managed object in OMA DM syntax.
***ProviderID***
-Optional. Group settings per DM server. Each group of settings is distinguished by the server’s Provider ID. It should be the same DM server **PROVIDER-ID** value that was supplied through the [w7 APPLICATION configuration service provider](w7-application-csp.md) XML during the enrollment process. Only one enterprise management server is supported. That is, there should be only one *ProviderID* node under **NodeCache**. Scope is dynamic.
+Optional. Group settings per DM server. Each group of settings is distinguished by the server’s Provider ID. It should be the same DM server **PROVIDER-ID** value that was supplied through the [w7 APPLICATION configuration service provider](w7-application-csp.md) XML during the enrollment process. Only one enterprise management server is supported. That is, there should be only one **ProviderID** node under **NodeCache**. Scope is dynamic.
Supported operations are Get, Add, and Delete.
@@ -383,10 +392,11 @@ It represents this example:
U09NRU5FV1ZBTFVF
```
-Id is the node Id that was added by the MDM server, and Uri is the path that the node is tracking.
-If a Uri isn't set, the node will always be reported as changed, as in Node Id 10.
-The value inside of the node tag is the actual value returned by the Uri, which means that for Node Id 20 the DeviceName didn't match what was previously expected, and the device name is now U09NRU5FV1ZBTFVF instead of what it was previously.
+Id is the node ID that was added by the MDM server, and Uri is the path that the node is tracking.
+If a Uri is not set, the node will always be reported as changed, as in Node ID 10.
+
+The value inside of the node tag is the actual value returned by the Uri, which means that for Node ID 20 the DeviceName did not match what was previously expected, and the device name is now U09NRU5FV1ZBTFVF instead of what it was previously.
## Related topics
diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md
index a344d5d843..e62ba59a21 100644
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@@ -1,7 +1,6 @@
---
title: NodeCache DDF file
description: Learn about the OMA DM device description framework (DDF) for the NodeCache configuration service provider (CSP).
-ms.assetid: d7605098-12aa-4423-89ae-59624fa31236
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md
index 79204c2935..e3ee2537c2 100644
--- a/windows/client-management/mdm/office-csp.md
+++ b/windows/client-management/mdm/office-csp.md
@@ -13,6 +13,16 @@ manager: dansimp
# Office CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365).
diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md
index dedda7070e..05bf3efc0f 100644
--- a/windows/client-management/mdm/office-ddf.md
+++ b/windows/client-management/mdm/office-ddf.md
@@ -1,7 +1,6 @@
---
title: Office DDF
description: This topic shows the OMA DM device description framework (DDF) for the Office configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid:
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md
index 04d615adff..0a6a1332c0 100644
--- a/windows/client-management/mdm/oma-dm-protocol-support.md
+++ b/windows/client-management/mdm/oma-dm-protocol-support.md
@@ -1,7 +1,6 @@
---
title: OMA DM protocol support
description: See how the OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload.
-ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
index 97f5528a43..4d789fb346 100644
--- a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
@@ -1,7 +1,6 @@
---
title: On-premises authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using on-premises authentication policy.
-ms.assetid: 626AC8B4-7575-4C41-8D59-185D607E3A47
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index 21cc92b117..5c2ab3a0c1 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -1,7 +1,6 @@
---
title: PassportForWork CSP
description: The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work).
-ms.assetid: 3BAE4827-5497-41EE-B47F-5C071ADB2C51
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,19 @@ ms.date: 07/19/2019
# PassportForWork CSP
-The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). It allows you to sign in to Windows using your Active Directory or Azure Active Directory account and replace passwords, smartcards, and virtual smart cards.
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). It allows you to log in to Windows using your Active Directory or Azure Active Directory account and replace passwords, smartcards, and virtual smart cards.
+
> [!IMPORTANT]
> Starting with Windows 10, version 1607 all devices only have one PIN associated with Windows Hello for Business. This means that any PIN on a device will be subject to the policies specified in the PassportForWork CSP. The values specified take precedence over any complexity rules set via Exchange ActiveSync (EAS) or the DeviceLock CSP.
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index c8bf22bdf1..0b43dbee05 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -1,7 +1,6 @@
---
title: PassportForWork DDF
description: View the OMA DM device description framework (DDF) for the PassportForWork configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md
index ff76751aef..736959df4e 100644
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@@ -13,6 +13,17 @@ manager: dansimp
# Personalization CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Windows SE|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The Personalization CSP can set the lock screen and desktop background images. Setting these policies also prevents the user from changing the image. You can also use the Personalization settings in a provisioning package.
This CSP was added in Windows 10, version 1703.
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 142d9058c1..61da8064e2 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -9,7 +9,7 @@ ms.prod: w10
ms.technology: windows
author: dansimp
ms.localizationpriority: medium
-ms.date: 03/01/2022
+ms.date: 06/06/2022
---
# Policies in Policy CSP supported by HoloLens 2
@@ -50,11 +50,15 @@ ms.date: 03/01/2022
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
+- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9
-- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 10
+- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 11
- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9
+- [MixedReality/ConfigureMovingPlatform](policy-csp-mixedreality.md#mixedreality-configuremovingplatform) *[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update)
- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) 9
+- [MixedReality/HeadTrackingMode](policy-csp-mixedreality.md#mixedreality-headtrackingmode) 9
- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) 9
+- [MixedReality/VisitorAutoLogon](policy-csp-mixedreality.md#mixedreality-visitorautologon) 10
- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) 9
- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) 9
- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin) 9
@@ -102,13 +106,13 @@ ms.date: 03/01/2022
- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) 9
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
-- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) 10
-- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) 10
+- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) 11
+- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) 11
- [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
-- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) 10
-- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) 10
-- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) 10
-- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) 10
+- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) 11
+- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) 11
+- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) 11
+- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) 11
- [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays)
- [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays)
- [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds)
@@ -116,10 +120,10 @@ ms.date: 03/01/2022
- [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
-- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) 10
-- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) 10
+- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) 11
+- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) 11
- [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
-- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) 10
+- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) 11
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) 8
@@ -133,8 +137,9 @@ Footnotes:
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
-- 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2)
-- 10 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
+- 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes-2004#windows-holographic-version-20h2)
+- 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1)
+- 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
## Related topics
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 2c89a44f21..023ece8e40 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1,7 +1,6 @@
---
title: Policy CSP
description: Learn how the Policy configuration service provider (CSP) enables the enterprise to configure policies on Windows 10 and Windows 11.
-ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index f23dbf7f6b..e984f6f104 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -41,6 +41,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index 2a640df633..e261b05c4e 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -31,6 +31,12 @@ manager: dansimp
@@ -45,6 +51,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -61,12 +68,12 @@ manager: dansimp
-Specifies whether user is allowed to add non-MSA email accounts.
+Specifies whether user is allowed to add email accounts other than Microsoft account.
Most restricted value is 0.
> [!NOTE]
-> This policy will only block UI/UX-based methods for adding non-Microsoft accounts. Even if this policy is enforced, you can still provision non-MSA accounts using the [EMAIL2 CSP](email2-csp.md).
+> This policy will only block UI/UX-based methods for adding non-Microsoft accounts.
@@ -89,6 +96,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -106,7 +114,7 @@ The following list shows the supported values:
-Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services.
+Specifies whether the user is allowed to use a Microsoft account for non-email related connection authentication and services.
Most restricted value is 0.
@@ -131,6 +139,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -151,10 +160,10 @@ The following list shows the supported values:
Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service.
> [!NOTE]
-> If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
+> If the Microsoft account service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
> [!NOTE]
-> If the MSA service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the MSA ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app.
+> If the Microsoft account service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the Microsoft account ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app.
@@ -168,9 +177,90 @@ The following list shows the supported values:
+
+**Accounts/DomainNamesForEmailSync**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+
+
+
+
+The following list shows the supported values:
+
+
+
+
+
+
+
+**Accounts/RestrictToEnterpriseDeviceAuthenticationOnly**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 11, version 22H2. This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, we only allow device authentication and block user authentication.
+
+Most restricted value is 1.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Allow both device and user authentication.
+- 1 - Only allow device authentication. Block user authentication.
+
+
+
+
+
+
## Related topics
-[Policy CSP](policy-configuration-service-provider.md)
\ No newline at end of file
+[Policy CSP](policy-configuration-service-provider.md)
+
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index 206b52f009..d96b12b249 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
index bc9d52e929..2a3088be3f 100644
--- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
+++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
@@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
index c31c112030..19c86af9d2 100644
--- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
+++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
@@ -129,10 +129,11 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|||
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
-|Education|||
+|Education|Yes|Yes|
@@ -186,8 +187,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -244,8 +246,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -303,8 +306,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -358,8 +362,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -413,8 +418,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -469,8 +475,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -524,8 +531,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -582,8 +590,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -639,8 +648,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
index f8dee79bd9..b7c83023fa 100644
--- a/windows/client-management/mdm/policy-csp-admx-admpwd.md
+++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md
@@ -54,6 +54,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,6 +97,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -141,6 +143,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -186,6 +189,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index 09fc5c811d..09e0448165 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -76,8 +76,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -129,8 +130,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -176,8 +178,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -227,8 +230,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -278,8 +282,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -332,8 +337,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -375,8 +381,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -425,8 +432,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -474,8 +482,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
index 7dc13ae3e1..bfa6e0e368 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
index 4095c01ad1..f9d07fe835 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -98,8 +99,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -144,8 +146,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -192,8 +195,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
index a54fcdbac7..991162ca51 100644
--- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
@@ -55,8 +55,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -106,8 +107,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes
@@ -157,8 +159,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -204,8 +207,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -251,8 +255,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
index c55966c2f8..4ae15d3c3b 100644
--- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
index 5aaff2305b..ab01ed785d 100644
--- a/windows/client-management/mdm/policy-csp-admx-bits.md
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -82,8 +82,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,8 +131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -179,8 +181,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -229,8 +232,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -278,8 +282,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -330,8 +335,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -381,8 +387,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -429,8 +436,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -477,8 +485,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -525,8 +534,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -575,8 +585,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -624,8 +635,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -673,8 +685,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -722,8 +735,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index 91b1d7c6aa..a0033b3741 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
index 45c2e3e28b..d24c27f120 100644
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -98,8 +99,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
index 8f008a5bcd..c38abdd5cc 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -108,8 +109,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -159,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -217,8 +220,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index e8e6178c75..8a4ec1282c 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -112,8 +112,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -158,8 +159,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -202,8 +204,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,8 +252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -297,8 +301,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -342,8 +347,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -391,8 +397,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -442,8 +449,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -487,8 +495,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -532,8 +541,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -581,8 +591,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -628,8 +639,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -680,8 +692,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -727,8 +740,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -772,8 +786,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -817,8 +832,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -860,8 +876,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -905,8 +922,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -950,8 +968,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1002,8 +1021,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1055,8 +1075,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1107,8 +1128,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1152,8 +1174,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1206,8 +1229,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md
index 19f04975a7..0191a8c79c 100644
--- a/windows/client-management/mdm/policy-csp-admx-cpls.md
+++ b/windows/client-management/mdm/policy-csp-admx-cpls.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Cpls
-description: Policy CSP - ADMX_Cpls
+description: Learn about the Policy CSP - ADMX_Cpls.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,7 +65,7 @@ manager: dansimp
This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
> [!NOTE]
-> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed.
+> The default account picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg.` The default guest picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg.` If the default pictures do not exist, an empty frame is displayed.
If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed.
@@ -84,6 +85,8 @@ ADMX Info:
-
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
index 92381f92cc..2787753ef1 100644
--- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_CredentialProviders
-description: Policy CSP - ADMX_CredentialProviders
+description: Learn about the Policy CSP - ADMX_CredentialProviders.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -50,8 +50,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -100,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -122,7 +124,7 @@ This policy setting allows the administrator to assign a specified credential pr
If you enable this policy setting, the specified credential provider is selected on other user tile.
-If you disable or do not configure this policy setting, the system picks the default credential provider on other user tile.
+If you disable or don't configure this policy setting, the system picks the default credential provider on other user tile.
> [!NOTE]
> A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
@@ -149,8 +151,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -190,4 +193,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md
index 18929d3fd6..fb24354248 100644
--- a/windows/client-management/mdm/policy-csp-admx-credssp.md
+++ b/windows/client-management/mdm/policy-csp-admx-credssp.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_CredSsp
-description: Policy CSP - ADMX_CredSsp
+description: Learn about the Policy CSP - ADMX_CredSsp.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -73,8 +73,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,8 +131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -191,8 +193,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -247,8 +250,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -305,8 +309,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -363,8 +368,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -421,8 +427,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -479,8 +486,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -535,8 +543,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -591,8 +600,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -647,8 +657,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -699,3 +710,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md
index a62ce22ddd..133b87350c 100644
--- a/windows/client-management/mdm/policy-csp-admx-credui.md
+++ b/windows/client-management/mdm/policy-csp-admx-credui.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_CredUI
-description: Policy CSP - ADMX_CredUI
+description: Learn about the Policy CSP - ADMX_CredUI.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -67,7 +68,7 @@ manager: dansimp
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials.
> [!NOTE]
-> This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled.
+> This policy affects non-logon authentication tasks only. As a security best practice, this policy should be enabled.
If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop through the trusted path mechanism.
@@ -94,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -129,3 +131,6 @@ ADMX Info:
<
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
index 89ce54faf5..22bb0e2b9c 100644
--- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
+++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_CtrlAltDel
-description: Policy CSP - ADMX_CtrlAltDel
+description: Learn about the Policy CSP - ADMX_CtrlAltDel.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,7 +75,7 @@ This policy setting prevents users from changing their Windows password on deman
If you enable this policy setting, the **Change Password** button on the Windows Security dialog box won't appear when you press Ctrl+Alt+Del.
-However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
+However, users will still be able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
@@ -99,8 +100,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -148,8 +150,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -195,8 +198,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -215,11 +219,11 @@ ADMX Info:
This policy setting disables or removes all menu items and buttons that log the user off the system.
-If you enable this policy setting, users won't see the Log off menu item when they press Ctrl+Alt+Del. This scenario will prevent them from logging off unless they restart or shut down the computer, or clicking Log off from the Start menu.
+If you enable this policy setting, users won't see the Logoff menu item when they press Ctrl+Alt+Del. This scenario will prevent them from logging off unless they restart or shut down the computer, or clicking Log off from the Start menu.
Also, see the 'Remove Logoff on the Start Menu' policy setting.
-If you disable or don't configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del.
+If you disable or don't configure this policy setting, users can see and select the Logoff menu item when they press Ctrl+Alt+Del.
@@ -237,3 +241,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md
index 33f7687705..9f7525d028 100644
--- a/windows/client-management/mdm/policy-csp-admx-datacollection.md
+++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DataCollection
-description: Policy CSP - ADMX_DataCollection
+description: Learn about the Policy CSP - ADMX_DataCollection.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -86,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
index 510d934391..4e3e20eb48 100644
--- a/windows/client-management/mdm/policy-csp-admx-dcom.md
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DCOM
-description: Policy CSP - ADMX_DCOM
+description: Learn about the Policy CSP - ADMX_DCOM.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -66,9 +67,10 @@ manager: dansimp
This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.
-- If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
+If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
+
+If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
-- If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured.
> [!NOTE]
@@ -95,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -120,14 +123,20 @@ DCOM server application IDs added to this policy must be listed in curly brace f
For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`.
If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors.
-- If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server.
If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local
-settings.
-- If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
+settings.
-If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
+If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
+
+If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
+
+If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used.
+
+>[!Note]
+> The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
+
This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.
The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid.
@@ -154,3 +163,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md
index a7ea8ccda9..5017634eeb 100644
--- a/windows/client-management/mdm/policy-csp-admx-desktop.md
+++ b/windows/client-management/mdm/policy-csp-admx-desktop.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Desktop
-description: Policy CSP - ADMX_Desktop
+description: Learn about Policy CSP - ADMX_Desktop.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -127,8 +127,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -175,8 +176,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,8 +227,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -273,8 +276,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -321,8 +325,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -370,8 +375,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -413,8 +419,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -459,8 +466,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -508,8 +516,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -552,8 +561,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -603,8 +613,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -653,8 +664,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -700,8 +712,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -746,8 +759,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -776,7 +790,6 @@ If you disable or don't configure this policy setting, the Properties menu comma
-
ADMX Info:
- GP Friendly name: *Remove Properties from the Documents icon context menu*
@@ -796,8 +809,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -842,8 +856,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -890,8 +905,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -936,8 +952,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -980,8 +997,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1025,8 +1043,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1077,8 +1096,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1122,8 +1142,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1171,8 +1192,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1219,8 +1241,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1263,8 +1286,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1310,8 +1334,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1362,8 +1387,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1414,8 +1440,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1463,8 +1490,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1501,3 +1529,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
index b1ccc54155..c1ac73f776 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DeviceCompat
-description: Policy CSP - ADMX_DeviceCompat
+description: Learn about Policy CSP - ADMX_DeviceCompat.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -45,8 +45,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -86,8 +87,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -104,7 +106,7 @@ ADMX Info:
-Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions.
+Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions.
@@ -118,4 +120,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
index 5ac4d423c2..4a673e49f0 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DeviceGuard
-description: Policy CSP - ADMX_DeviceGuard
+description: Learn about Policy CSP - ADMX_DeviceGuard.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -68,11 +69,12 @@ If you deploy a Code Integrity Policy, Windows will restrict what can run in bot
To enable this policy, the machine must be rebooted.
The file path must be either a UNC path (for example, `\\ServerName\ShareName\SIPolicy.p7b`),
or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`.
-
+
The local machine account (LOCAL SYSTEM) must have access permission to the policy file.
-If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
-1. First update the policy to a non-protected policy and then disable the setting.
-2. Disable the setting and then remove the policy from each computer, with a physically present user.
+If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
+
+- First update the policy to a non-protected policy and then disable the setting. (or)
+- Disable the setting and then remove the policy from each computer, with a physically present user.
@@ -89,3 +91,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
index 62efd762ae..bbc9785c1b 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DeviceInstallation
-description: Policy CSP - ADMX_DeviceInstallation
+description: Learn about Policy CSP - ADMX_DeviceInstallation.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -64,8 +64,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -110,8 +111,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -202,8 +205,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -248,8 +252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -272,7 +277,8 @@ If you enable this policy setting, set the number of seconds you want the system
If you disable or don't configure this policy setting, the system doesn't force a reboot.
-Note: If no reboot is forced, the device installation restriction right won't take effect until the system is restarted.
+>[!Note]
+> If no reboot is forced, the device installation restriction right won't take effect until the system is restarted.
@@ -296,8 +302,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -341,8 +348,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -387,8 +395,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -426,4 +435,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
index c54fe1375e..d3b545c45a 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DeviceSetup
-description: Policy CSP - ADMX_DeviceSetup
+description: Learn about Policy CSP - ADMX_DeviceSetup.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -92,8 +93,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,7 +116,10 @@ This policy setting allows you to specify the order in which Windows searches so
If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all.
-Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system.
+>[!Note]
+> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates.
+
+This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching is enabled and only when needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system.
If you disable or don't configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers.
@@ -133,3 +138,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
index 49774e691d..029c5a1884 100644
--- a/windows/client-management/mdm/policy-csp-admx-dfs.md
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DFS
-description: Policy CSP - ADMX_DFS
+description: Learn about Policy CSP - ADMX_DFS.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,10 +64,9 @@ manager: dansimp
This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network.
By default, a DFS client attempts to discover domain controllers every 15 minutes.
-- If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers.
-This value is specified in minutes.
+If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.
-- If you disable or do not configure this policy setting, the default value of 15 minutes applies.
+If you disable or don't configure this policy setting, the default value of 15 minutes applies.
> [!NOTE]
> The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
@@ -87,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
index fafc357e89..0b11ba27af 100644
--- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md
+++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DigitalLocker
-description: Policy CSP - ADMX_DigitalLocker
+description: Learn about Policy CSP - ADMX_DigitalLocker.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,7 +75,6 @@ If you disable or don't configure this setting, Digital Locker can be run.
-
ADMX Info:
- GP Friendly name: *Do not allow Digital Locker to run*
@@ -94,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -137,3 +138,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
index 312e6550d5..206c700ce3 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DiskDiagnostic
-description: Policy CSP - ADMX_DiskDiagnostic
+description: Learn about Policy CSP - ADMX_DiskDiagnostic.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -66,12 +67,13 @@ manager: dansimp
This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
-- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
-- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
+If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
-No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
-This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.
+No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
+
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
@@ -99,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -121,12 +124,15 @@ This policy setting determines the execution level for S.M.A.R.T.-based disk dia
Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur.
-- If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
-- If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
-- If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
+If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
-No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
-This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
+
+If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+
+No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
+
+This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
@@ -147,3 +153,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
index 6e82fec127..e3d2d46297 100644
--- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md
+++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DiskNVCache
-description: Policy CSP - ADMX_DiskNVCache
+description: Learn about Policy CSP - ADMX_DiskNVCache.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -49,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,7 +72,6 @@ This policy setting turns off the boot and resumes optimizations for the hybrid
If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume.
-If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume.
The system determines the data that will be stored in the NV cache to optimize boot and resume.
The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.
@@ -97,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -125,8 +126,6 @@ If you disable this policy setting, the system will manage the NV cache on the d
This policy setting will take effect on next boot. If you don't configure this policy setting, the default behavior is to turn on support for the NV cache.
-
-
@@ -148,8 +147,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -172,7 +172,10 @@ If you enable this policy setting, frequently written files such as the file sys
If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This storage allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power.
-This usage can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. Note: This policy setting is applicable only if the NV cache feature is on.
+This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.
+
+>[!Note]
+> This policy setting is applicable only if the NV cache feature is on.
@@ -192,3 +195,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md
index 5982c438b4..ac4604b2d6 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskquota.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DiskQuota
-description: Policy CSP - ADMX_DiskQuota
+description: Learn about Policy CSP - ADMX_DiskQuota.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -59,8 +59,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -104,8 +105,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -158,8 +160,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -210,8 +213,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -260,8 +264,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -310,8 +315,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -354,3 +360,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
index ff67fc4f25..098addf8db 100644
--- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
+++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DistributedLinkTracking
-description: Policy CSP - ADMX_DistributedLinkTracking
+description: Learn about Policy CSP - ADMX_DistributedLinkTracking.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -61,8 +62,10 @@ manager: dansimp
-This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers.
-The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer.
+This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers.
+
+The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer.
+
The DLT client can more reliably track links when allowed to use the DLT server.
This policy shouldn't be set unless the DLT server is running on all domain controllers in the domain.
@@ -85,3 +88,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
index 8410109042..080d80ae3d 100644
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DnsClient
-description: Policy CSP - ADMX_DnsClient
+description: Learn about Policy CSP - ADMX_DnsClient.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -105,8 +105,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -150,8 +151,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -203,8 +205,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,8 +252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -313,8 +317,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -359,8 +364,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -405,8 +411,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -453,8 +460,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -502,8 +510,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -554,8 +563,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -580,7 +590,8 @@ If you enable this policy setting, a computer will register A and PTR resource r
For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer.VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.
-Important: This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
+>[!Important]
+> This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
If you disable this policy setting, or if you don't configure this policy setting, a DNS client computer won't register any A and PTR resource records using a connection-specific DNS suffix.
@@ -605,8 +616,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -631,7 +643,7 @@ If you enable this policy setting, registration of PTR records will be determine
To use this policy setting, click Enabled, and then select one of the following options from the drop-down list:
-- don't register: Computers won't attempt to register PTR resource records
+- Do not register: Computers won't attempt to register PTR resource records
- Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records wasn't successful.
- Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful.
@@ -658,8 +670,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -704,8 +717,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -726,11 +740,11 @@ This policy setting specifies whether dynamic updates should overwrite existing
This policy setting is designed for computers that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and doesn't allow a DNS client to overwrite records that are registered by other computers.
-During dynamic update of resource records in a zone that doesn't use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.
+During dynamic update of resource records in a zone that doesn't use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing (A) resource record with an (A) resource record that has the client's current IP address.
-If you enable this policy setting or if you don't configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update.
+If you enable this policy setting or if you don't configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting (A) resource records during dynamic update.
-If you disable this policy setting, existing A resource records that contain conflicting IP addresses won't be replaced during a dynamic update, and an error will be recorded in Event Viewer.
+If you disable this policy setting, existing (A) resource records that contain conflicting IP addresses won't be replaced during a dynamic update, and an error will be recorded in Event Viewer.
@@ -754,8 +768,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -807,8 +822,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -855,8 +871,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -908,8 +925,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -954,8 +972,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1002,8 +1021,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1054,8 +1074,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1102,8 +1123,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1166,8 +1188,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1207,3 +1230,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md
index 10b9761d52..a3118e564b 100644
--- a/windows/client-management/mdm/policy-csp-admx-dwm.md
+++ b/windows/client-management/mdm/policy-csp-admx-dwm.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DWM
-description: Policy CSP - ADMX_DWM
+description: Learn about Policy CSP - ADMX_DWM.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -58,8 +58,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -107,8 +108,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -204,8 +207,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -252,8 +256,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -301,8 +306,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -343,3 +349,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md
index 21ee8c0b36..6b81a966e1 100644
--- a/windows/client-management/mdm/policy-csp-admx-eaime.md
+++ b/windows/client-management/mdm/policy-csp-admx-eaime.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_EAIME
-description: Policy CSP - ADMX_EAIME
+description: Learn about the Policy CSP - ADMX_EAIME.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -76,8 +76,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -127,8 +128,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -190,8 +192,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -243,8 +246,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -293,8 +297,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -346,8 +351,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -396,8 +402,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -444,8 +451,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -494,8 +502,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -544,8 +553,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -594,8 +604,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -644,8 +655,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -686,3 +698,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
index 00a8db9920..2ef08d8dea 100644
--- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
+++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_EncryptFilesonMove
-description: Policy CSP - ADMX_EncryptFilesonMove
+description: Learn about the Policy CSP - ADMX_EncryptFilesonMove.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,9 +64,9 @@ manager: dansimp
This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.
-If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder.
+If you enable this policy setting, File Explorer won't automatically encrypt files that are moved to an encrypted folder.
-If you disable or do not configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder.
+If you disable or don't configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder.
This setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically.
@@ -86,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
index 2ab763817c..7a97834588 100644
--- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_EnhancedStorage
-description: Policy CSP - ADMX_EnhancedStorage
+description: Learn about the Policy CSP - ADMX_EnhancedStorage.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -58,8 +58,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -76,7 +77,7 @@ manager: dansimp
-This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable on your computer.
+This policy setting allows you to configure a list of Enhanced Storage devices that contain a manufacturer and product ID that are usable on your computer.
If you enable this policy setting, only Enhanced Storage devices that contain a manufacturer and product ID specified in this policy are usable on your computer.
@@ -103,8 +104,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -121,7 +123,7 @@ ADMX Info:
-This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that are usable on your computer.
+This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that is usable on your computer.
If you enable this policy setting, only IEEE 1667 silos that match a silo type identifier specified in this policy are usable on your computer.
@@ -148,8 +150,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -193,8 +196,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -238,8 +242,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -258,7 +263,8 @@ ADMX Info:
This policy setting locks Enhanced Storage devices when the computer is locked.
-This policy setting is supported in Windows Server SKUs only.
+>[!Note]
+>This policy setting is supported in Windows Server SKUs only.
If you enable this policy setting, the Enhanced Storage device remains locked when the computer is locked.
@@ -285,8 +291,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -324,3 +331,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index 7e72497d05..52dececdfe 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_ErrorReporting
-description: Policy CSP - ADMX_ErrorReporting
+description: Learn about the Policy CSP - ADMX_ErrorReporting.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -127,8 +127,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -178,8 +179,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,8 +227,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,11 +252,14 @@ To create a list of applications for which Windows Error Reporting never reports
If you enable this policy setting, you can create a list of applications that are always included in error reporting. To add applications to the list, click Show under the Report errors for applications on this list setting, and edit the list of application file names in the Show Contents dialog box. The file names must include the .exe file name extension (for example, notepad.exe). Errors that are generated by applications on this list are always reported, even if the Default dropdown in the Default application reporting policy setting is set to report no application errors.
-If the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting. (Note: The Microsoft applications category includes the Windows components category.)
+If the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting.
+
+>[!Note]
+>The Microsoft applications category includes the Windows components category.
If you disable this policy setting or don't configure it, the Default application reporting settings policy setting takes precedence.
-Also see the "Default Application Reporting" and "Application Exclusion List" policies.
+Also, see the "Default Application Reporting" and "Application Exclusion List" policies.
This setting will be ignored if the 'Configure Error Reporting' setting is disabled or not configured.
@@ -279,8 +285,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -307,22 +314,17 @@ This policy setting doesn't enable or disable Windows Error Reporting. To turn W
If you enable this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default values are applied for any Windows Error Reporting policy settings that aren't configured (even if users have changed settings by using Control Panel). If you enable this policy setting, you can configure the following settings in the policy setting:
- "Do not display links to any Microsoft ‘More information’ websites": Select this option if you don't want error dialog boxes to display links to Microsoft websites.
-
- "Do not collect additional files": Select this option if you don't want extra files to be collected and included in error reports.
-
- "Do not collect additional computer data": Select this option if you don't want additional information about the computer to be collected and included in error reports.
-
- "Force queue mode for application errors": Select this option if you don't want users to report errors. When this option is selected, errors are stored in a queue directory, and the next administrator to sign in to the computer can send the error reports to Microsoft.
-
- "Corporate file path": Type a UNC path to enable Corporate Error Reporting. All errors are stored at the specified location instead of being sent directly to Microsoft, and the next administrator to sign in to the computer can send the error reports to Microsoft.
-
- "Replace instances of the word ‘Microsoft’ with": You can specify text with which to customize your error report dialog boxes. The word ""Microsoft"" is replaced with the specified text.
If you don't configure this policy setting, users can change Windows Error Reporting settings in Control Panel. By default, these settings are Enable Reporting on computers that are running Windows XP, and Report to Queue on computers that are running Windows Server 2003.
If you disable this policy setting, configuration settings in the policy setting are left blank.
-See related policy settings Display Error Notification (same folder as this policy setting), and Turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.
+See related policy settings Display Error Notification (same folder as this policy setting), and turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.
@@ -345,8 +347,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -394,8 +397,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -439,8 +443,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|No|No|
@@ -484,8 +489,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -529,8 +535,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|No|No|
@@ -572,8 +579,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -617,8 +625,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -662,8 +671,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -707,8 +717,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -752,8 +763,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -797,8 +809,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -842,8 +855,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -887,8 +901,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -910,13 +925,9 @@ This policy setting determines the consent behavior of Windows Error Reporting f
If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those types meant for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.
- 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type.
-
- 1 (Always ask before sending data): Windows prompts the user for consent to send reports.
-
- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send more data requested by Microsoft.
-
- 3 (Send parameters and safe extra data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent to send more data requested by Microsoft.
-
- 4 (Send all data): Any data requested by Microsoft is sent automatically.
If you disable or don't configure this policy setting, then the default consent settings that are applied are those settings specified by the user in Control Panel, or in the Configure Default Consent policy setting.
@@ -942,8 +953,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|No|No|
|Education|Yes|Yes|
@@ -987,8 +999,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1032,8 +1045,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1054,13 +1068,10 @@ This policy setting determines the default consent behavior of Windows Error Rep
If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:
-- Always ask before sending data: Windows prompts users for consent to send reports.
-
-- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft.
-
-- Send parameters and safe extra data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft.
-
-- Send all data: any error reporting data requested by Microsoft is sent automatically.
+- **Always ask before sending data**: Windows prompts users for consent to send reports.
+- **Send parameters**: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft.
+- **Send parameters and safe extra data**: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft.
+- **Send all data**: any error reporting data requested by Microsoft is sent automatically.
If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data.
@@ -1085,8 +1096,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1107,13 +1119,10 @@ This policy setting determines the default consent behavior of Windows Error Rep
If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:
-- Always ask before sending data: Windows prompts users for consent to send reports.
-
-- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft.
-
-- Send parameters and safe extra data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft.
-
-- Send all data: any error reporting data requested by Microsoft is sent automatically.
+- **Always ask before sending data**: Windows prompts users for consent to send reports.
+- **Send parameters**: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft.
+- **Send parameters and safe extra data**: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft.
+- **Send all data**: any error reporting data requested by Microsoft is sent automatically.
If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data.
@@ -1138,8 +1147,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1183,8 +1193,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1229,8 +1240,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1274,8 +1286,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1319,8 +1332,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1364,8 +1378,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1409,8 +1424,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1456,8 +1472,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1497,3 +1514,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
index ffd209aa8f..0eeeb1a2e2 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_EventForwarding
-description: Policy CSP - ADMX_EventForwarding
+description: Learn about the Policy CSP - ADMX_EventForwarding.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -47,8 +47,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -97,8 +98,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -122,11 +124,11 @@ If you enable this policy setting, you can configure the Source Computer to cont
Use the following syntax when using the HTTPS protocol:
``` syntax
-
Server=https://:5986/wsman/SubscriptionManager/WEC,Refresh=,IssuerCA=.
```
-When using the HTTP protocol, use port 5985.
+>[!Note]
+> When using the HTTP protocol, use port 5985.
If you disable or don't configure this policy setting, the Event Collector computer won't be specified.
@@ -146,3 +148,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index 5156768413..8e16b2c305 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_EventLog
-description: Policy CSP - ADMX_EventLog
+description: Learn about the Policy CSP - ADMX_EventLog.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -103,8 +103,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -125,7 +126,10 @@ This policy setting turns on logging.
If you enable or don't configure this policy setting, then events can be written to this log.
-If the policy setting is disabled, then no new events can be logged. Events can always be read from the log, regardless of this policy setting.
+If the policy setting is disabled, then no new events can be logged.
+
+>[!Note]
+> Events can always be read from the log, regardless of this policy setting.
@@ -148,8 +152,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -193,8 +198,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -238,8 +244,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -283,8 +290,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -328,8 +336,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -373,8 +382,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -420,8 +430,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -467,8 +478,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -514,8 +526,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -561,8 +574,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -609,8 +623,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -657,8 +672,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -705,8 +721,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -753,8 +770,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -800,8 +818,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -847,8 +866,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -894,8 +914,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -941,8 +962,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|No|No|
|Education|Yes|Yes|
@@ -965,7 +987,8 @@ If you enable this policy setting and a log file reaches its maximum size, new e
If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
-Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
+>[!Note]
+> Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
@@ -988,8 +1011,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1012,7 +1036,8 @@ If you enable this policy setting and a log file reaches its maximum size, new e
If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
-Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
+>[!Note]
+> Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
@@ -1036,8 +1061,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1060,7 +1086,8 @@ If you enable this policy setting and a log file reaches its maximum size, new e
If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
-Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
+>[!Note]
+> Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
@@ -1077,3 +1104,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
index 135c65ed8f..62d1bc8a55 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_EventLogging
-description: Policy CSP - ADMX_EventLogging
+description: Learn about the Policy CSP - ADMX_EventLogging.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,11 +64,11 @@ manager: dansimp
This policy setting lets you configure Protected Event Logging.
-- If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide.
+If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide.
-You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with.
+You can use the `Unprotect-CmsMessage` PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with.
-- If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log.
+If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log.
@@ -85,3 +86,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
index b5dd4d7f65..e04745a40b 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_EventViewer
-description: Policy CSP - ADMX_EventViewer
+description: Learn about the Policy CSP - ADMX_EventViewer.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -49,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -91,8 +92,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,8 +134,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -150,9 +153,9 @@ ADMX Info:
-This URL is the one that will be passed to the Description area in the Event Properties dialog box.
-Change this value if you want to use a different Web server to handle event information requests.
+This URL is the one that will be passed to the Description area in the Event Properties dialog box.
+Change this value if you want to use a different Web server to handle event information requests.
@@ -170,3 +173,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md
index cc7f6818aa..36e0b39de2 100644
--- a/windows/client-management/mdm/policy-csp-admx-explorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-explorer.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Explorer
-description: Policy CSP - ADMX_Explorer
+description: Learn about the Policy CSP - ADMX_Explorer.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -55,8 +55,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -73,7 +74,7 @@ manager: dansimp
-Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
+This policy setting sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
@@ -96,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -145,8 +147,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -163,7 +166,7 @@ ADMX Info:
-This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer won't reinitialize default program associations and other settings to default values.
+This policy setting allows administrators who have configured roaming profile with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer won't reinitialize default program associations and other settings to default values.
If you enable this policy setting on a machine that doesn't contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur.
@@ -188,8 +191,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -206,14 +210,14 @@ ADMX Info:
-This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.
+This policy setting allows administrators to prevent users from adding new items, such as files or folders to the root of their Users Files folder in File Explorer.
-If you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.
+If you enable this policy setting, users will no longer be able to add new items, such as files or folders to the root of their Users Files folder in File Explorer.
If you disable or don't configure this policy setting, users will be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.
> [!NOTE]
-> Enabling this policy setting doesn't prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%.
+> Enabling this policy setting doesn't prevent the user from being able to add new items, such as files and folders to their actual file system profile folder at %userprofile%.
@@ -236,8 +240,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -254,7 +259,9 @@ ADMX Info:
-This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities, and also improve performance and battery life in some scenarios.
+This policy is similar to settings directly available to computer users.
+
+Disabling animations can improve usability for users with some visual disabilities, and also improve performance and battery life in some scenarios.
@@ -269,4 +276,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md
index 88a074cba8..93b3bee4e0 100644
--- a/windows/client-management/mdm/policy-csp-admx-externalboot.md
+++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_ExternalBoot
-description: Policy CSP - ADMX_ExternalBoot
+description: Learn about the Policy CSP - ADMX_ExternalBoot.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,9 +72,9 @@ manager: dansimp
This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace.
-- If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.
+If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.
-- If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, and can't hibernate the PC.
+If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, and can't hibernate the PC.
@@ -99,8 +100,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -145,8 +147,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -165,9 +168,9 @@ ADMX Info:
This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item.
-- If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item.
+If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item.
-- If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration.
+If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration.
If you don't configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item.
@@ -185,3 +188,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
index 74cc4f3f50..b5239ba4b3 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_FileRecovery
-description: Policy CSP - ADMX_FileRecovery
+description: Learn about the Policy CSP - ADMX_FileRecovery.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -40,8 +40,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,3 +75,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
index 3fd0807394..dedad2fa09 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_FileRevocation
-description: Policy CSP - ADMX_FileRevocation
+description: Learn about the Policy CSP - ADMX_FileRevocation.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -41,8 +41,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,9 +61,9 @@ manager: dansimp
Windows Runtime applications can protect content that has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format.
Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy`
-- If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device.
+If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device.
-- If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app.
+If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app.
Any other Windows Runtime application will only be able to revoke access to content it protected.
@@ -85,3 +86,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
index 18ddd06906..71897ec183 100644
--- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
+++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_FileServerVSSProvider
-description: Policy CSP - ADMX_FileServerVSSProvider
+description: Learn about the Policy CSP - ADMX_FileServerVSSProvider.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -86,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index ab0c455e6b..0e4f4f4725 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_FileSys
-description: Policy CSP - ADMX_FileSys
+description: Learn about the Policy CSP - ADMX_FileSys.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -62,8 +62,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -99,12 +100,12 @@ ADMX Info:
**ADMX_FileSys/DisableDeleteNotification**
-
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -146,8 +147,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -164,8 +166,9 @@ ADMX Info:
-Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.
+Encryption can add to the processing overhead of filesystem operations.
+Enabling this setting will prevent access to and creation of encrypted files.
ADMX Info:
@@ -184,8 +187,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -202,7 +206,9 @@ ADMX Info:
-Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.
+Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations.
+
+Enabling this setting will cause the page files to be encrypted.
@@ -223,8 +229,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -241,7 +248,9 @@ ADMX Info:
-Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process.
+Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it.
+
+Enabling this setting will cause the long paths to be accessible within the process.
@@ -262,8 +271,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -282,7 +292,9 @@ ADMX Info:
This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
-If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes, then short names will only be generated for files created on the system volume.
+If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume.
+
+If you disable short name creation on all data volumes, then short names will only be generated for files created on the system volume.
@@ -304,8 +316,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -353,8 +366,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -390,3 +404,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index cebe91fbd3..fc2f29a559 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_FolderRedirection
-description: Policy CSP - ADMX_FolderRedirection
+description: Learn about the Policy CSP - ADMX_FolderRedirection.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -60,8 +60,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -111,8 +112,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -161,8 +163,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -206,8 +209,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -254,8 +258,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -301,8 +306,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -350,8 +356,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -395,3 +402,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md
index 4b83f0c105..ba90f4137d 100644
--- a/windows/client-management/mdm/policy-csp-admx-framepanes.md
+++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_FramePanes
-description: Policy CSP - ADMX_FramePanes
+description: Learn about the Policy CSP - ADMX_FramePanes.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,14 +64,14 @@ manager: dansimp
This policy setting shows or hides the Details Pane in File Explorer.
-- If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user.
+If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user.
-- If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user.
+If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user.
> [!NOTE]
> This has a side effect of not being able to toggle to the Preview Pane since the two can't be displayed at the same time.
-- If you disable, or don't configure this policy setting, the Details Pane is hidden by default and can be displayed by the user.
+If you disable, or don't configure this policy setting, the Details Pane is hidden by default and can be displayed by the user.
This setting is the default policy setting.
@@ -94,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,9 +116,9 @@ ADMX Info:
Hides the Preview Pane in File Explorer.
-- If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user.
+If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user.
-- If you disable, or don't configure this setting, the Preview Pane is hidden by default and can be displayed by the user.
+If you disable, or don't configure this setting, the Preview Pane is hidden by default and can be displayed by the user.
@@ -132,3 +134,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
index 3cf5694548..a87f70ce8d 100644
--- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_FTHSVC
-description: Policy CSP - ADMX_FTHSVC
+description: Learn about the Policy CSP - ADMX_FTHSVC.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -62,12 +63,14 @@ manager: dansimp
This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems.
-- If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.
+If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.
-- If you disable this policy setting, Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.
-If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.
-This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
-This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.
+If you disable this policy setting, Windows can't detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.
+
+If you don't configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.
+
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
No system restart or service restart is required for this policy setting to take effect: changes take effect immediately.
@@ -87,3 +90,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index 45623d01c7..7483d618f1 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Globalization
-description: Policy CSP - ADMX_Globalization
+description: Learn about the Policy CSP - ADMX_Globalization.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -112,8 +112,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -134,9 +135,9 @@ This policy prevents automatic copying of user input methods to the system accou
This confinement doesn't affect the availability of user input methods on the lock screen or with the UAC prompt.
-If the policy is Enabled, then the user will get input methods enabled for the system account on the sign-in page.
+If the policy is enabled, then the user will get input methods enabled for the system account on the sign-in page.
-If the policy is Disabled or Not Configured, then the user will be able to use input methods enabled for their user account on the sign-in page.
+If the policy is disabled or not configured, then the user will be able to use input methods enabled for their user account on the sign-in page.
@@ -160,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -213,8 +215,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -266,8 +269,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -319,8 +323,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -369,8 +374,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -418,8 +424,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -465,8 +472,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -490,7 +498,7 @@ Automatic learning enables the collection and storage of text and ink written by
> [!NOTE]
> Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. For more information, see Tablet PC Help.
-If you enable this policy setting, automatic learning stops and any stored data is deleted. Users can't configure this setting in Control Panel.
+If you enable this policy setting, automatic learning stops and any stored data are deleted. Users can't configure this setting in Control Panel.
If you disable this policy setting, automatic learning is turned on. Users can't configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on.
@@ -524,8 +532,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -549,7 +558,7 @@ Automatic learning enables the collection and storage of text and ink written by
> [!NOTE]
> Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. For more information, see Tablet PC Help.
-If you enable this policy setting, automatic learning stops and any stored data is deleted. Users can't configure this setting in Control Panel.
+If you enable this policy setting, automatic learning stops and any stored data are deleted. Users can't configure this setting in Control Panel.
If you disable this policy setting, automatic learning is turned on. Users can't configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on.
@@ -583,8 +592,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -630,8 +640,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -679,8 +690,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -730,8 +742,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -777,8 +790,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -826,8 +840,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -875,8 +890,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -924,8 +940,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -977,8 +994,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1030,8 +1048,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1077,8 +1096,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1099,9 +1119,9 @@ This policy turns off the autocorrect misspelled words option. This turn off doe
The autocorrect misspelled words option controls whether or not errors in typed text will be automatically corrected.
-If the policy is Enabled, then the option will be locked to not autocorrect misspelled words.
+If the policy is enabled, then the option will be locked to not autocorrect misspelled words.
-If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
+If the policy is disabled or not configured, then the user will be free to change the setting according to their preference.
The availability and function of this setting is dependent on supported languages being enabled.
@@ -1125,8 +1145,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1147,9 +1168,9 @@ This policy turns off the highlight misspelled words option. This turn off doesn
The highlight misspelled words option controls whether or next spelling errors in typed text will be highlighted.
-If the policy is Enabled, then the option will be locked to not highlight misspelled words.
+If the policy is enabled, then the option will be locked to not highlight misspelled words.
-If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
+If the policy is disabled or not configured, then the user will be free to change the setting according to their preference.
The availability and function of this setting is dependent on supported languages being enabled.
@@ -1174,8 +1195,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1196,9 +1218,9 @@ This policy turns off the insert a space after selecting a text prediction optio
The insert a space after selecting a text prediction option controls whether or not a space will be inserted after the user selects a text prediction candidate when using the on-screen keyboard.
-If the policy is Enabled, then the option will be locked to not insert a space after selecting a text prediction.
+If the policy is enabled, then the option will be locked to not insert a space after selecting a text prediction.
-If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
+If the policy is disabled or not configured, then the user will be free to change the setting according to their preference.
The availability and function of this setting is dependent on supported languages being enabled.
@@ -1222,8 +1244,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1244,9 +1267,9 @@ This policy turns off the offer text predictions as I type option. This turn off
The offer text predictions as I type option controls whether or not text prediction suggestions will be presented to the user on the on-screen keyboard.
-If the policy is Enabled, then the option will be locked to not offer text predictions.
+If the policy is enabled, then the option will be locked to not offer text predictions.
-If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
+If the policy is disabled or not configured, then the user will be free to change the setting according to their preference.
The availability and function of this setting is dependent on supported languages being enabled.
@@ -1271,8 +1294,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1312,4 +1336,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
index f3e83e48f1..9b8a2007ca 100644
--- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_GroupPolicy
-description: Policy CSP - ADMX_GroupPolicy
+description: Learn about the Policy CSP - ADMX_GroupPolicy.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -168,8 +168,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -224,8 +225,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -276,8 +278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -330,8 +333,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -384,8 +388,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -436,8 +441,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -490,8 +496,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -544,8 +551,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -594,8 +602,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -646,8 +655,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -698,8 +708,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -754,8 +765,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -810,8 +822,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -856,8 +869,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -911,8 +925,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -966,8 +981,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1008,8 +1024,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1065,8 +1082,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1114,8 +1132,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1165,8 +1184,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1219,8 +1239,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1267,8 +1288,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1317,8 +1339,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1367,8 +1390,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1415,8 +1439,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1468,8 +1493,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1512,8 +1538,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1567,8 +1594,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1624,8 +1652,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1681,8 +1710,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1705,7 +1735,7 @@ In addition to background updates, Group Policy for the computer is always updat
By default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.
-If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations.
+If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, short update intervals aren't appropriate for most installations.
If you disable this setting, Group Policy is updated every 90 minutes (the default). To specify that Group Policy should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" policy.
@@ -1740,8 +1770,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1762,7 +1793,7 @@ This policy setting specifies how often Group Policy is updated on domain contro
By default, Group Policy on the domain controllers is updated every five minutes.
-If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations.
+If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, short update intervals aren't appropriate for most installations.
If you disable or don't configure this setting, the domain controller updates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting.
@@ -1793,8 +1824,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1817,7 +1849,7 @@ In addition to background updates, Group Policy for users is always updated when
By default, user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.
-If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations.
+If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, short update intervals aren't appropriate for most installations.
If you disable this setting, user Group Policy is updated every 90 minutes (the default). To specify that Group Policy for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting.
@@ -1854,8 +1886,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1906,8 +1939,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1954,8 +1988,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2000,8 +2035,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2025,7 +2061,6 @@ By default, when you edit a Group Policy Object (GPO) using the Group Policy Obj
This edit-option leads to the following behavior:
- If you originally created the GPO with, for example, an English system, the GPO contains English ADM files.
-
- If you later edit the GPO from a different-language system, you get the English ADM files as they were in the GPO.
You can change this behavior by using this setting.
@@ -2034,7 +2069,7 @@ If you enable this setting, the Group Policy Object Editor snap-in always uses l
This pattern leads to the following behavior:
-- If you had originally created the GPO with an English system, and then you edit the GPO with a Japanese system, the Group Policy Object Editor snap-in uses the local Japanese ADM files, and you see the text in Japanese under Administrative Templates.
+If you had originally created the GPO with an English system, and then you edit the GPO with a Japanese system, the Group Policy Object Editor snap-in uses the local Japanese ADM files, and you see the text in Japanese under Administrative Templates.
If you disable or don't configure this setting, the Group Policy Object Editor snap-in always loads all ADM files from the actual GPO.
@@ -2063,8 +2098,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2084,21 +2120,15 @@ ADMX Info:
This security feature provides a means to override individual process MitigationOptions settings. This security feature can be used to enforce many security policies specific to applications. The application name is specified as the Value name, including extension. The Value is specified as a bit field with a series of flags in particular positions. Bits can be set to either 0 (setting is forced off), 1 (setting is forced on), or ? (setting retains its existing value prior to GPO evaluation). The recognized bit locations are:
-PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001)
-Enables data execution prevention (DEP) for the child process
+PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001): Enables data execution prevention (DEP) for the child process
-PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002)
-Enables DEP-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Active Template Library (ATL) thunk layer.
+PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002): Enables DEP-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Active Template Library (ATL) thunk layer.
-PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004)
-Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique.
+PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004): Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique.
-PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100)
-The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that aren't dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that don't have a base relocation section won't be loaded.
+PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100): The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that aren't dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that don't have a base relocation section won't be loaded.
-PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000)
-PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000)
-The bottom-up randomization policy, which includes stack randomization options, causes a random location to be used as the lowest user address.
+PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000),PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000): The bottom-up randomization policy, which includes stack randomization options, causes a random location to be used as the lowest user address.
For instance, to enable PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE and PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON, disable PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF, and to leave all other options at their default values, specify a value of:
???????????????0???????1???????1
@@ -2127,8 +2157,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2178,8 +2209,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2220,8 +2252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2271,8 +2304,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2325,8 +2359,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2371,8 +2406,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2391,13 +2427,12 @@ ADMX Info:
This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who signs in to a computer affected by this setting. It's intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.
-By default, the user's Group Policy Objects determine which user settings apply. If this setting is enabled, then, when a user signs in to this computer, the computer's Group Policy Objects determine which set of Group Policy Objects applies.
+By default, the user's Group Policy Objects determine which user settings apply. If this setting is enabled, then when a user signs in to this computer, the computer's Group Policy Objects determine which set of Group Policy Objects applies.
If you enable this setting, you can select one of the following modes from the Mode box:
-"Replace" indicates that the user settings defined in the computer's Group Policy Objects replace the user settings normally applied to the user.
-
-"Merge" indicates that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the user's normal settings.
+- "Replace" indicates that the user settings defined in the computer's Group Policy Objects replace the user settings normally applied to the user.
+- "Merge" indicates that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the user's normal settings.
If you disable this setting or don't configure it, the user's Group Policy Objects determines which user settings apply.
@@ -2419,4 +2454,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md
index 3bdf5aa985..603e13fa68 100644
--- a/windows/client-management/mdm/policy-csp-admx-help.md
+++ b/windows/client-management/mdm/policy-csp-admx-help.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Help
-description: Policy CSP - ADMX_Help
+description: Learn about the Policy CSP - ADMX_Help.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -22,7 +22,7 @@ manager: dansimp
-
## ADMX_Help policies
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -82,7 +83,7 @@ If you disable or don't configure this policy setting, DEP is turned on for HTML
ADMX Info:
-- GP Friendly name: *Turn off Data Execution Prevention for HTML Help Executible*
+- GP Friendly name: *Turn off Data Execution Prevention for HTML Help Executable*
- GP name: *DisableHHDEP*
- GP path: *System*
- GP ADMX file name: *Help.admx*
@@ -99,8 +100,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -159,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -210,8 +213,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -256,3 +260,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index 806207275f..d1db72afc5 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_HelpAndSupport
-description: Policy CSP - ADMX_HelpAndSupport
+description: Learn about the Policy CSP - ADMX_HelpAndSupport.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,9 +72,9 @@ manager: dansimp
This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.
-If you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements.
+If you enable this policy setting, active content links aren't rendered. The text is displayed, but there are no clickable links for these elements.
-If you disable or do not configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements).
+If you disable or don't configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements).
@@ -97,8 +98,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -117,9 +119,9 @@ ADMX Info:
This policy setting specifies whether users can provide ratings for Help content.
-If you enable this policy setting, ratings controls are not added to Help content.
+If you enable this policy setting, ratings controls aren't added to Help content.
-If you disable or do not configure this policy setting, ratings controls are added to Help topics.
+If you disable or don't configure this policy setting, ratings controls are added to Help topics.
Users can use the control to provide feedback on the quality and usefulness of the Help and Support content.
@@ -144,8 +146,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -164,9 +167,9 @@ ADMX Info:
This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.
-If you enable this policy setting, users cannot participate in the Help Experience Improvement program.
+If you enable this policy setting, users can't participate in the Help Experience Improvement program.
-If you disable or do not configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page.
+If you disable or don't configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page.
@@ -190,8 +193,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -212,7 +216,7 @@ This policy setting specifies whether users can search and view content from Win
If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online.
-If you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and have not disabled Windows Online from the Help and Support Options page.
+If you disable or don't configure this policy setting, users can access online assistance if they have a connection to the Internet and haven't disabled Windows Online from the Help and Support Options page.
@@ -232,3 +236,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
index bf33f5110d..48356bdf1a 100644
--- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_HotSpotAuth
-description: Policy CSP - ADMX_HotSpotAuth
+description: Learn about the Policy CSP - ADMX_HotSpotAuth.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -66,9 +67,9 @@ This policy setting defines whether WLAN hotspots are probed for Wireless Intern
- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators.
-- If you enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support.
+- If you enable this policy setting, or if you don't configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support.
-- If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.
+- If you disable this policy setting, WLAN hotspots aren't probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.
@@ -87,3 +88,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index 2f9b7183ac..c80b5b8007 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_ICM
-description: Policy CSP - ADMX_ICM
+description: Learn about the Policy CSP - ADMX_ICM.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -117,8 +117,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -165,8 +166,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -213,8 +215,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -264,8 +267,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -317,8 +321,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -370,8 +375,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -420,8 +426,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -470,8 +477,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -518,8 +526,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -566,8 +575,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -613,8 +623,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -659,8 +670,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -707,8 +719,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -759,8 +772,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -808,8 +822,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -859,8 +874,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -907,8 +923,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -955,8 +972,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1003,8 +1021,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1051,8 +1070,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1099,8 +1119,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1145,8 +1166,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1193,8 +1215,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1239,8 +1262,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1287,8 +1311,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1337,8 +1362,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1384,3 +1410,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md
index 424b4a38f2..c68c2b9d10 100644
--- a/windows/client-management/mdm/policy-csp-admx-iis.md
+++ b/windows/client-management/mdm/policy-csp-admx-iis.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_IIS
-description: Policy CSP - ADMX_IIS
+description: Learn about the Policy CSP - ADMX_IIS.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -62,11 +63,11 @@ manager: dansimp
This policy setting prevents installation of Internet Information Services (IIS) on this computer.
-- If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting.
+If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting.
-Enabling this setting won't have any effect on IIS if IIS is already installed on the computer.
+Enabling this setting won't have any effect on IIS, if IIS is already installed on the computer.
-- If you disable or don't configure this policy setting, IIS can be installed, and all the programs and applications that require IIS to run."
+If you disable or don't configure this policy setting, IIS can be installed, and all the programs and applications that require IIS to run."
@@ -86,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md
index c9465d3231..67786a4e35 100644
--- a/windows/client-management/mdm/policy-csp-admx-iscsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_iSCSI
-description: Policy CSP - ADMX_iSCSI
+description: Learn about the Policy CSP - ADMX_iSCSI.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -49,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -136,8 +138,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -175,3 +178,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index 1173ca86f8..5ea252a9f3 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_kdc
-description: Policy CSP - ADMX_kdc
+description: Learn about the Policy CSP - ADMX_kdc.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_kdc
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -57,8 +58,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -106,7 +108,7 @@ Impact on domain controller performance when this policy setting is enabled:
- Secure Kerberos domain capability discovery is required, resulting in more message exchanges.
- Claims and compound authentication for Dynamic Access Control increase the size and complexity of the data in the message, which results in more processing time and greater Kerberos service ticket size.
-- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors, which results in increased processing time, but doesn't change the service ticket size.
+- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors, which result in increased processing time, but doesn't change the service ticket size.
@@ -130,8 +132,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -178,8 +181,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -230,8 +234,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -279,8 +284,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -325,8 +331,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -372,3 +379,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index 998eb8189d..a70fa508b8 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Kerberos
-description: Policy CSP - ADMX_Kerberos
+description: Learn about the Policy CSP - ADMX_Kerberos.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_Kerberos
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -63,8 +64,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -112,8 +114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -165,8 +168,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -213,8 +217,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -261,8 +266,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -307,8 +313,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -355,8 +362,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -409,8 +417,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -449,3 +458,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index a905d94c9a..4baef48f3a 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_LanmanServer
-description: Policy CSP - ADMX_LanmanServer
+description: Learn about the Policy CSP - ADMX_LanmanServer.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_LanmanServer
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -51,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -117,8 +119,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -177,8 +180,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -199,9 +203,7 @@ This policy setting specifies whether the BranchCache hash generation service su
If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it's the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured. With this selection, BranchCache settings aren't applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V2 hash generation and retrieval are supported.
- Enabled. With this selection, the policy setting is applied and the hash version(s) that are specified in "Hash version supported" are generated and retrieved.
@@ -237,8 +239,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -282,3 +285,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index 8fcfe9af1e..1459422b9a 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_LanmanWorkstation
-description: Policy CSP - ADMX_LanmanWorkstation
+description: Learn about the Policy CSP - ADMX_LanmanWorkstation.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_LanmanWorkstation
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -48,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -115,8 +117,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -164,8 +167,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -207,4 +211,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
index a362e05ab9..abf93f8dcf 100644
--- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_LeakDiagnostic
-description: Policy CSP - ADMX_LeakDiagnostic
+description: Learn about the Policy CSP - ADMX_LeakDiagnostic.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -62,13 +63,13 @@ manager: dansimp
This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
-- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
+If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
-- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
+If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
-This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
@@ -94,3 +95,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index 841a1b47a1..8af8087093 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_LinkLayerTopologyDiscovery
-description: Policy CSP - ADMX_LinkLayerTopologyDiscovery
+description: Learn about Policy CSP - ADMX_LinkLayerTopologyDiscovery.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_LinkLayerTopologyDiscovery
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -45,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -137,3 +140,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
index 9b40c8b242..34d7b1561d 100644
--- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_LocationProviderAdm
-description: Policy CSP - ADMX_LocationProviderAdm
+description: Learn about Policy CSP - ADMX_LocationProviderAdm.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,9 +13,16 @@ manager: dansimp
---
# Policy CSP - ADMX_LocationProviderAdm
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!WARNING]
+> Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -38,8 +45,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -58,17 +66,11 @@ manager: dansimp
This policy setting turns off the Windows Location Provider feature for this computer.
-- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature.
+- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer won't be able to use the Windows Location Provider feature.
-- If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
+- If you disable or don't configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -82,7 +84,10 @@ ADMX Info:
> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+> These policies are currently only available as a part of Windows Insider release.
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index 2f68cebffb..39410f580e 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Logon
-description: Policy CSP - ADMX_Logon
+description: Learn about Policy CSP - ADMX_Logon.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_Logon
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -84,8 +85,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -102,7 +104,7 @@ manager: dansimp
-This policy prevents the user from showing account details (email address or user name) on the sign-in screen.
+This policy prevents the user from showing account details (email address or user name) on the sign-in screen.
If you enable this policy setting, the user can't choose to show account details on the sign-in screen.
@@ -110,7 +112,6 @@ If you disable or don't configure this policy setting, the user may choose to sh
-
ADMX Info:
- GP Friendly name: *Block user from showing account details on sign-in*
@@ -130,8 +131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -176,8 +178,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,8 +228,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -274,8 +278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -327,8 +332,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -380,8 +386,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -426,8 +433,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -472,8 +480,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -529,8 +538,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -583,8 +593,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -636,8 +647,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -690,8 +702,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -710,7 +723,7 @@ ADMX Info:
This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user sign in). By default, on client computers, Group Policy processing isn't synchronous; client computers typically don't wait for the network to be fully initialized at startup and sign in. Existing users are signed in using cached credentials, which results in shorter sign-in times. Group Policy is applied in the background after the network becomes available.
-Because this process (of applying Group Policy) is a background refresh, extensions such as Software Installation and Folder Redirection take two sign-ins to apply changes. To be able to operate safely, these extensions require that no users be signed in. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two sign-ins to be detected.
+Because this process (of applying Group Policy) is a background refresh, extensions such as Software Installation and Folder Redirection take two sign-ins to apply changes. To be able to operate safely, these extensions require that no users be signed in. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script may take up to two sign-ins to be detected.
If a user with a roaming profile, home directory, or user object logon script signs in to a computer, computers always wait for the network to be initialized before signing in the user. If a user has never signed in to this computer before, computers always wait for the network to be initialized.
@@ -754,8 +767,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -800,8 +814,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -847,3 +862,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index c2d83759c2..b600ea3664 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_MicrosoftDefenderAntivirus
-description: Policy CSP - ADMX_MicrosoftDefenderAntivirus
+description: Learn about Policy CSP - ADMX_MicrosoftDefenderAntivirus.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -318,8 +318,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -364,8 +365,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -414,8 +416,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -434,14 +437,9 @@ ADMX Info:
Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.
-Disabled (Default):
-Microsoft Defender Antivirus will exclude pre-defined list of paths from the scan to improve performance.
+If you disable or don't configure this policy setting, Microsoft Defender Antivirus will exclude pre-defined list of paths from the scan to improve performance. It is disabled by default.
-Enabled:
-Microsoft Defender Antivirus won't exclude pre-defined list of paths from scans. This non-exclusion can impact machine performance in some scenarios.
-
-Not configured:
-Same as Disabled.
+If you enable this policy setting, Microsoft Defender Antivirus won't exclude pre-defined list of paths from scans. This non-exclusion can impact machine performance in some scenarios.
@@ -465,8 +463,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -485,8 +484,8 @@ ADMX Info:
This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check won't occur, which will lower the protection state of the device.
-Enabled – The Block at First Sight setting is turned on.
-Disabled – The Block at First Sight setting is turned off.
+If you enable this feature, the Block at First Sight setting is turned on.
+If you disable this feature, the Block at First Sight setting is turned off.
This feature requires these Policy settings to be set as follows:
@@ -497,7 +496,6 @@ This feature requires these Policy settings to be set as follows:
-
ADMX Info:
- GP Friendly name: *Configure the 'Block at First Sight' feature*
@@ -517,8 +515,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -563,8 +562,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -611,8 +611,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -657,8 +658,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -699,8 +701,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -743,8 +746,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -785,8 +789,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -842,8 +847,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -915,8 +921,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -974,8 +981,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1034,8 +1042,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1085,8 +1094,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1131,8 +1141,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1173,8 +1184,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1219,8 +1231,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1265,8 +1278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1317,8 +1331,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1369,8 +1384,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1415,8 +1431,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1461,8 +1478,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1507,8 +1525,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1553,8 +1572,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1599,8 +1619,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1645,8 +1666,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1691,8 +1713,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1737,8 +1760,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1783,8 +1807,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1829,8 +1854,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1875,8 +1901,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1921,8 +1948,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1967,8 +1995,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2013,8 +2042,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2059,8 +2089,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2117,8 +2148,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2163,8 +2195,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2205,8 +2238,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2247,8 +2281,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2292,8 +2327,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2338,8 +2374,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2378,8 +2415,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2420,8 +2458,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2462,8 +2501,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2511,8 +2551,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2557,8 +2598,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2603,8 +2645,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2650,8 +2693,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2696,8 +2740,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2742,8 +2787,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2788,8 +2834,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2834,8 +2881,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2880,8 +2928,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2926,8 +2975,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2971,8 +3021,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3017,8 +3068,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3063,8 +3115,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3109,8 +3162,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3155,8 +3209,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3201,8 +3256,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3247,8 +3303,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3293,8 +3350,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3339,8 +3397,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3385,8 +3444,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3431,8 +3491,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3477,8 +3538,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3523,8 +3585,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3581,8 +3644,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3627,8 +3691,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3673,8 +3738,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3721,8 +3787,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3767,8 +3834,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3813,8 +3881,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3859,8 +3928,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3905,8 +3975,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3951,8 +4022,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3999,8 +4071,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4045,8 +4118,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4091,8 +4165,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4149,8 +4224,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4195,8 +4271,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4239,8 +4316,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4285,8 +4363,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4331,8 +4410,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4377,8 +4457,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4437,8 +4518,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4484,8 +4566,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4532,8 +4615,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4578,8 +4662,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4624,8 +4709,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4668,8 +4754,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4708,3 +4795,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index 33f6ed7399..66f7ee9fa5 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_MMC
-description: Policy CSP - ADMX_MMC
+description: Learn about Policy CSP - ADMX_MMC.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -54,8 +54,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -110,8 +111,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -166,8 +168,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -222,8 +225,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -272,8 +276,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -323,3 +328,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index 1514a912be..42d6a7faa7 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_MMCSnapins
-description: Policy CSP - ADMX_MMCSnapins
+description: Learn about Policy CSP - ADMX_MMCSnapins.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -351,8 +351,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -373,7 +374,7 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited. It cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
@@ -405,8 +406,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -427,7 +429,7 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited. It cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
@@ -460,8 +462,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -482,15 +485,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -515,8 +518,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -537,15 +541,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -570,8 +574,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -592,15 +597,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -625,8 +630,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -645,17 +651,17 @@ ADMX Info:
This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -680,8 +686,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -702,13 +709,13 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -735,8 +742,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -757,15 +765,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -790,8 +798,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -812,15 +821,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -845,8 +854,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -867,15 +877,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -900,8 +910,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -922,15 +933,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -955,8 +966,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -977,15 +989,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1009,8 +1021,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1031,15 +1044,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1063,8 +1076,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1085,15 +1099,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1117,8 +1131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1139,15 +1154,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1171,8 +1186,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1193,15 +1209,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1225,8 +1241,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1247,15 +1264,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1279,8 +1296,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1301,15 +1319,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1333,8 +1351,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1355,15 +1374,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1387,8 +1406,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1409,15 +1429,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1441,8 +1461,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1463,15 +1484,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1495,8 +1516,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1517,15 +1539,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1549,8 +1571,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1571,15 +1594,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1603,8 +1626,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1625,15 +1649,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1657,8 +1681,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1679,15 +1704,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1711,8 +1736,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1733,15 +1759,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1765,8 +1791,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1787,15 +1814,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1819,8 +1846,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1841,15 +1869,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1873,8 +1901,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1895,15 +1924,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1928,8 +1957,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1950,15 +1980,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1982,8 +2012,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2004,15 +2035,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2036,8 +2067,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2058,15 +2090,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2090,8 +2122,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2112,15 +2145,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2144,8 +2177,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2166,15 +2200,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2198,8 +2232,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2220,15 +2255,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2252,8 +2287,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2274,15 +2310,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2306,8 +2342,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2328,15 +2365,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2360,8 +2397,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2380,19 +2418,19 @@ ADMX Info:
This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.
-If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins.
+If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab isn't displayed in those snap-ins.
-If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed.
+If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed.
- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users will not have access to the Group Policy tab.
-To explicitly permit use of the Group Policy tab, enable this setting. If this setting is not configured (or disabled), the Group Policy tab is inaccessible.
+To explicitly permit use of the Group Policy tab, enable this setting. If this setting isn't configured (or disabled), the Group Policy tab is inaccessible.
- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users will have access to the Group Policy tab.
-To explicitly prohibit use of the Group Policy tab, disable this setting. If this setting is not configured (or enabled), the Group Policy tab is accessible.
+To explicitly prohibit use of the Group Policy tab, disable this setting. If this setting isn't configured (or enabled), the Group Policy tab is accessible.
-When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets.
+When the Group Policy tab is inaccessible, it doesn't appear in the site, domain, or organizational unit property sheets.
@@ -2416,8 +2454,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2438,15 +2477,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2470,8 +2509,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2492,15 +2532,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2524,8 +2564,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2546,15 +2587,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2578,8 +2619,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2600,15 +2642,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2632,8 +2674,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2654,15 +2697,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2686,8 +2729,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2708,15 +2752,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2740,8 +2784,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2762,15 +2807,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2794,8 +2839,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2816,15 +2862,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2848,8 +2894,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2870,15 +2917,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2902,8 +2949,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2924,15 +2972,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2956,8 +3004,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2978,15 +3027,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3010,8 +3059,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3032,15 +3082,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3064,8 +3114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3086,15 +3137,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3118,8 +3169,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3140,15 +3192,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3172,8 +3224,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3194,15 +3247,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3226,8 +3279,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3248,15 +3302,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3280,8 +3334,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3302,15 +3357,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3334,8 +3389,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3356,15 +3412,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3388,8 +3444,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3410,15 +3467,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3442,8 +3499,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3464,15 +3522,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3496,8 +3554,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3518,15 +3577,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3550,8 +3609,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3572,15 +3632,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3604,8 +3664,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3626,15 +3687,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3658,8 +3719,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3680,15 +3742,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3712,8 +3774,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3734,15 +3797,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3766,8 +3829,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3788,15 +3852,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3820,8 +3884,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3842,15 +3907,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3874,8 +3939,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3896,15 +3962,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3928,8 +3994,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3950,15 +4017,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3982,8 +4049,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4004,15 +4072,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4036,8 +4104,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4058,15 +4127,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4090,8 +4159,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4112,15 +4182,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4144,8 +4214,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4166,15 +4237,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4198,8 +4269,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4220,15 +4292,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4252,8 +4324,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4274,15 +4347,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4306,8 +4379,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4328,15 +4402,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4360,8 +4434,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4382,15 +4457,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4414,8 +4489,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4436,15 +4512,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4468,8 +4544,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4490,15 +4567,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4522,8 +4599,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4544,15 +4622,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4576,8 +4654,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4598,15 +4677,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4630,8 +4709,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4652,15 +4732,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4684,8 +4764,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4706,15 +4787,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4738,8 +4819,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4760,15 +4842,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4792,8 +4874,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4814,15 +4897,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4846,8 +4929,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4868,15 +4952,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4900,8 +4984,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4922,15 +5007,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4954,8 +5039,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4976,15 +5062,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5008,8 +5094,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5030,15 +5117,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5062,8 +5149,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5084,15 +5172,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5116,8 +5204,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5138,15 +5227,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5170,8 +5259,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5192,15 +5282,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5224,8 +5314,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5246,15 +5337,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5278,8 +5369,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5300,15 +5392,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5332,8 +5424,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5354,15 +5447,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5386,8 +5479,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5408,15 +5502,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5440,8 +5534,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5462,15 +5557,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5494,8 +5589,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5516,15 +5612,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5548,8 +5644,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5570,15 +5667,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5602,8 +5699,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5624,15 +5722,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5656,8 +5754,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5678,15 +5777,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5710,8 +5809,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5732,15 +5832,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5764,8 +5864,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5786,15 +5887,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5818,8 +5919,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5840,15 +5942,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5872,8 +5974,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5894,15 +5997,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5926,8 +6029,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5948,15 +6052,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5980,8 +6084,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6002,15 +6107,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -6027,3 +6132,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
index 1b428b1884..5beff76d0e 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_MobilePCMobilityCenter
-description: Policy CSP - ADMX_MobilePCMobilityCenter
+description: Learn about Policy CSP - ADMX_MobilePCMobilityCenter.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -65,11 +66,11 @@ manager: dansimp
This policy setting turns off Windows Mobility Center.
-- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.
+- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
-If you do not configure this policy setting, Windows Mobility Center is on by default.
+If you don't configure this policy setting, Windows Mobility Center is on by default.
@@ -93,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -111,12 +113,12 @@ ADMX Info:
-This policy setting turns off Windows Mobility Center.
-- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.
+This policy setting turns off Windows Mobility Center.
+- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
-If you do not configure this policy setting, Windows Mobility Center is on by default.
+If you don't configure this policy setting, Windows Mobility Center is on by default.
@@ -133,3 +135,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
index f9fe20c69c..382e64f23d 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_MobilePCPresentationSettings
-description: Policy CSP - ADMX_MobilePCPresentationSettings
+description: Learn about Policy CSP - ADMX_MobilePCPresentationSettings.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -47,8 +47,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -67,9 +68,9 @@ manager: dansimp
This policy setting turns off Windows presentation settings.
-- If you enable this policy setting, Windows presentation settings cannot be invoked.
+If you enable this policy setting, Windows presentation settings can't be invoked.
-- If you disable this policy setting, Windows presentation settings can be invoked.
+If you disable this policy setting, Windows presentation settings can be invoked.
The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
@@ -100,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -120,14 +122,15 @@ ADMX Info:
This policy setting turns off Windows presentation settings.
-- If you enable this policy setting, Windows presentation settings cannot be invoked.
+If you enable this policy setting, Windows presentation settings can't be invoked.
-- If you disable this policy setting, Windows presentation settings can be invoked.
+If you disable this policy setting, Windows presentation settings can be invoked.
The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
> [!NOTE]
> Users will be able to customize their system settings for presentations in Windows Mobility Center.
+
If you do not configure this policy setting, Windows presentation settings can be invoked.
@@ -145,3 +148,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
index 21ecaf3e29..e95aac830e 100644
--- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_MSAPolicy
-description: Policy CSP - ADMX_MSAPolicy
+description: Learn about Policy CSP - ADMX_MSAPolicy.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,7 @@ manager: dansimp
-This policy setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.
+This policy setting controls whether users can provide Microsoft accounts for authentication, applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.
This functionality applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user won't be affected by enabling this setting until the authentication cache expires.
@@ -82,7 +83,8 @@ ADMX Info:
-
-
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md
index 4bcef7a8d0..a3e9d15464 100644
--- a/windows/client-management/mdm/policy-csp-admx-msched.md
+++ b/windows/client-management/mdm/policy-csp-admx-msched.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_msched
-description: Policy CSP - ADMX_msched
+description: Learn about Policy CSP - ADMX_msched.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_msched
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -45,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -91,8 +93,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -133,8 +136,8 @@ ADMX Info:
-
-
-
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md
index 74fa908dc8..01e72fdc64 100644
--- a/windows/client-management/mdm/policy-csp-admx-msdt.md
+++ b/windows/client-management/mdm/policy-csp-admx-msdt.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_MSDT
-description: Policy CSP - ADMX_MSDT
+description: Learn about Policy CSP - ADMX_MSDT.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -100,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -164,8 +166,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -212,3 +215,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md
index acdf31ff93..af31120c3c 100644
--- a/windows/client-management/mdm/policy-csp-admx-msi.md
+++ b/windows/client-management/mdm/policy-csp-admx-msi.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_MSI
-description: Policy CSP - ADMX_MSI
+description: Learn about Policy CSP - ADMX_MSI.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -110,8 +110,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -161,8 +162,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -185,7 +187,7 @@ If you enable this policy setting, all users are permitted to install programs f
This policy setting doesn't affect installations that run in the user's security context. By default, users can install from removable media when the installation runs in their own security context.
-If you disable or don't configure this policy setting, by default, users can install programs from removable media only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media.
+If you disable or don't configure this policy setting, users can install programs from removable media by default, only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media.
Also, see the "Prevent removable media source for any install" policy setting.
@@ -212,8 +214,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -260,8 +263,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -313,8 +317,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -366,8 +371,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -413,8 +419,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -464,8 +471,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -517,8 +525,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -568,8 +577,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -620,8 +630,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -668,8 +679,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -717,8 +729,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -764,8 +777,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -814,8 +828,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -864,8 +879,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -914,8 +930,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -962,8 +979,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1010,8 +1028,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1063,8 +1082,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1116,8 +1136,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1163,8 +1184,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1212,8 +1234,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1265,8 +1288,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1309,7 +1333,8 @@ ADMX Info:
+
+## Related topics
-
-
\ No newline at end of file
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
index 2d23267cbd..54717a8f50 100644
--- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_MsiFileRecovery
-description: Policy CSP - ADMX_MsiFileRecovery
+description: Learn about Policy CSP - ADMX_MsiFileRecovery.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -94,4 +95,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md
index 4a0b0ee3ae..2b520f4ec5 100644
--- a/windows/client-management/mdm/policy-csp-admx-nca.md
+++ b/windows/client-management/mdm/policy-csp-admx-nca.md
@@ -63,8 +63,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -119,8 +120,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -161,8 +163,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -209,8 +212,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -253,8 +257,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -306,8 +311,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -349,8 +355,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -395,8 +402,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -431,7 +439,8 @@ ADMX Info:
-
-
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md
index 2560340dd7..41bfae8db7 100644
--- a/windows/client-management/mdm/policy-csp-admx-ncsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_NCSI
-description: Policy CSP - ADMX_NCSI
+description: Learn about Policy CSP - ADMX_NCSI.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_NCSI
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -60,8 +61,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -78,11 +80,10 @@ manager: dansimp
-This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
+This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
-
ADMX Info:
- GP Friendly name: *Specify corporate DNS probe host address*
@@ -102,8 +103,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -144,8 +146,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -162,7 +165,7 @@ ADMX Info:
-This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity.
+This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of the prefixes indicates corporate connectivity.
@@ -186,8 +189,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -231,8 +235,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,7 +254,7 @@ ADMX Info:
-This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.
+This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (that is, whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.
@@ -273,8 +278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -291,7 +297,7 @@ ADMX Info:
-This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface.
+This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it's currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface.
@@ -315,8 +321,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -352,3 +359,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md
index 4527aa2946..517f41ab17 100644
--- a/windows/client-management/mdm/policy-csp-admx-netlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Netlogon
-description: Policy CSP - ADMX_Netlogon
+description: Learn about Policy CSP - ADMX_Netlogon.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_Netlogon
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -144,8 +145,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -198,8 +200,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -228,7 +231,6 @@ If you don't configure this policy setting, DC Locator APIs can return IPv4/IPv6
-
ADMX Info:
- GP Friendly name: *Return domain controller address type*
@@ -250,8 +252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -268,13 +271,13 @@ ADMX Info:
-This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, isn't used if the AllowSingleLabelDnsDomain policy setting is enabled.
+This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, isn't used if the `AllowSingleLabelDnsDomain` policy setting is enabled.
-By default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the AllowSingleLabelDnsDomain policy setting is enabled.
+By default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the `AllowSingleLabelDnsDomain` policy setting is enabled.
-If you enable this policy setting, when the AllowSingleLabelDnsDomain policy isn't enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name resolution. The single-label name isn't used without appending DNS suffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is performed on the single-label name only, if DNS resolution fails.
+If you enable this policy setting, when the `AllowSingleLabelDnsDomain` policy isn't enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name resolution. The single-label name isn't used without appending DNS suffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is performed on the single-label name only, if DNS resolution fails.
-If you disable this policy setting, when the AllowSingleLabelDnsDomain policy isn't enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers won't attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest.
+If you disable this policy setting, when the `AllowSingleLabelDnsDomain` policy isn't enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers won't attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest.
@@ -300,8 +303,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -352,8 +356,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -372,11 +377,11 @@ ADMX Info:
This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain name.
-By default, the behavior specified in the AllowDnsSuffixSearch is used. If the AllowDnsSuffixSearch policy is disabled, then NetBIOS name resolution is used exclusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name.
+By default, the behavior specified in the `AllowDnsSuffixSearch` is used. If the `AllowDnsSuffixSearch` policy is disabled, then NetBIOS name resolution is used exclusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name.
If you enable this policy setting, computers to which this policy is applied will attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name using DNS name resolution.
-If you disable this policy setting, computers to which this setting is applied will use the AllowDnsSuffixSearch policy, if it isn't disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. the computers won't the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined.
+If you disable this policy setting, computers to which this setting is applied will use the `AllowDnsSuffixSearch` policy, if it isn't disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. The computers won't use the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined.
If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration.
@@ -404,8 +409,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -454,8 +460,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -507,8 +514,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -559,8 +567,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -614,8 +623,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -671,8 +681,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -720,8 +731,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -764,8 +776,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -816,8 +829,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -892,8 +906,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -945,8 +960,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -998,8 +1014,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1045,8 +1062,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1065,7 +1083,7 @@ ADMX Info:
This policy setting specifies the extra time for the computer to wait for the domain controller’s (DC) response when logging on to the network.
-To specify the expected dial-up delay at sign in, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute).
+To specify the expected dial-up delay at sign-in, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute).
If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration.
@@ -1093,8 +1111,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1145,8 +1164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1163,7 +1183,7 @@ ADMX Info:
-This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it.
+This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. The records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it.
The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory.
@@ -1195,8 +1215,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1248,8 +1269,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1298,8 +1320,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1348,8 +1371,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1396,8 +1420,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1446,8 +1471,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1466,7 +1492,7 @@ ADMX Info:
This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) couldn't be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC.
-The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0.
+The default value for this setting is 45 seconds. The maximum value for this setting is seven days (7*24*60*60). The minimum value for this setting is 0.
> [!WARNING]
> If the value for this setting is too large, a client won't attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none are available.
@@ -1495,8 +1521,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1550,8 +1577,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1596,8 +1624,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1651,8 +1680,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1705,8 +1735,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1755,8 +1786,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1805,8 +1837,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1860,8 +1893,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1912,8 +1946,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1955,3 +1990,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
index 5da60f709b..210fdcd3ca 100644
--- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md
+++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_NetworkConnections
-description: Policy CSP - ADMX_NetworkConnections
+description: Learn about Policy CSP - ADMX_NetworkConnections.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -121,8 +121,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -178,8 +179,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -231,8 +233,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -289,8 +292,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -342,8 +346,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -401,8 +406,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -458,8 +464,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -508,8 +515,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -554,8 +562,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -606,8 +615,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -656,8 +666,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -702,8 +713,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -763,8 +775,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -816,8 +829,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -871,8 +885,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -924,8 +939,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -979,8 +995,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1038,8 +1055,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1097,8 +1115,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1145,8 +1164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1202,8 +1222,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1259,8 +1280,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1314,8 +1336,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1367,8 +1390,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1420,8 +1444,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1446,7 +1471,7 @@ If you enable this setting, ICS can't be enabled or configured by administrators
If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard.
-By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS.
+By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When administrators are running the New Connection Wizard or Network Setup Wizard, they can choose to enable ICS.
> [!NOTE]
> Internet Connection Sharing is only available when two or more network connections are present.
@@ -1479,8 +1504,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1529,8 +1555,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1567,5 +1594,8 @@ ADMX Info:
+
-
\ No newline at end of file
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
index 6a461fb657..7d60db6150 100644
--- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_OfflineFiles
-description: Policy CSP - ADMX_OfflineFiles
+description: Learn about Policy CSP - ADMX_OfflineFiles.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_OfflineFiles
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -177,8 +178,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,8 +227,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -247,7 +250,7 @@ This policy setting lists network files and folders that are always available fo
If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
-If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
+If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted. And, no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
If you don't configure this policy setting, no files or folders are made available for offline use by Group Policy.
@@ -276,8 +279,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -298,7 +302,7 @@ This policy setting lists network files and folders that are always available fo
If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
-If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
+If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted. And, no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
If you don't configure this policy setting, no files or folders are made available for offline use by Group Policy.
@@ -327,8 +331,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -375,8 +380,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -433,8 +439,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -458,7 +465,6 @@ This setting also disables the "When a network connection is lost" option on the
If you enable this setting, you can use the "Action" box to specify how computers in the group respond.
- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
-
- "Never go offline" indicates that network files aren't available while the server is inaccessible.
If you disable this setting or select the "Work offline" option, users can work offline if disconnected.
@@ -494,8 +500,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -518,8 +525,7 @@ This setting also disables the "When a network connection is lost" option on the
If you enable this setting, you can use the "Action" box to specify how computers in the group respond.
-- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
-
+- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
- "Never go offline" indicates that network files aren't available while the server is inaccessible.
If you disable this setting or select the "Work offline" option, users can work offline if disconnected.
@@ -555,8 +561,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -612,8 +619,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -663,8 +671,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -694,7 +703,7 @@ If you don't configure this policy setting, encryption of the Offline Files cach
> [!NOTE]
> By default, this cache is protected on NTFS partitions by ACLs.
-This setting is applied at user sign in. If this setting is changed after user sign in, then user sign out and sign in is required for this setting to take effect.
+This setting is applied at user sign-in. If this setting is changed after user sign-in, then user sign-out and sign-in is required for this setting to take effect.
@@ -717,8 +726,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -737,7 +747,7 @@ ADMX Info:
This policy setting determines which events the Offline Files feature records in the event log.
-Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record.
+Offline Files records events in the Application login Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record.
To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels.
@@ -774,8 +784,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -794,16 +805,13 @@ ADMX Info:
This policy setting determines which events the Offline Files feature records in the event log.
-Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record.
+Offline Files records events in the Application login Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record.
To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels.
-- "0" records an error when the offline storage cache is corrupted.
-
+- "0" records an error when the offline storage cache is corrupted.
- "1" also records an event when the server hosting the offline file is disconnected from the network.
-
- "2" also records events when the local computer is connected and disconnected from the network.
-
- "3" also records an event when the server hosting the offline file is reconnected to the network.
> [!NOTE]
@@ -831,8 +839,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -877,8 +886,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -897,7 +907,7 @@ ADMX Info:
Lists types of files that can't be used offline.
-This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system doesn't cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline."
+This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system doesn't cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type can't be made available offline."
This setting is designed to protect files that can't be separated, such as database components.
@@ -928,8 +938,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -989,8 +1000,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1050,8 +1062,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1101,8 +1114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1152,8 +1166,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1203,8 +1218,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1254,8 +1270,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1304,8 +1321,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1354,8 +1372,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1408,8 +1427,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1462,8 +1482,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1519,8 +1540,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1576,8 +1598,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1626,8 +1649,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1674,8 +1698,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1723,8 +1748,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1743,7 +1769,7 @@ ADMX Info:
This policy setting allows you to turn on economical application of administratively assigned Offline Files.
-If you enable or don't configure this policy setting, only new files and folders in administratively assigned folders are synchronized at sign in. Files and folders that are already available offline are skipped and are synchronized later.
+If you enable or don't configure this policy setting, only new files and folders in administratively assigned folders are synchronized at sign-in. Files and folders that are already available offline are skipped and are synchronized later.
If you disable this policy setting, all administratively assigned folders are synchronized at logon.
@@ -1769,8 +1795,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1820,8 +1847,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1871,8 +1899,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1917,8 +1946,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1963,8 +1993,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2009,8 +2040,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2055,8 +2087,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2111,8 +2144,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2161,8 +2195,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2216,8 +2251,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2271,8 +2307,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2293,7 +2330,7 @@ This policy setting determines whether offline files are fully synchronized when
This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
-If you enable this setting, offline files are fully synchronized at sign in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
+If you enable this setting, offline files are fully synchronized at sign-in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but doesn't ensure that they're current.
@@ -2328,8 +2365,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2350,11 +2388,11 @@ This policy setting determines whether offline files are fully synchronized when
This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
-If you enable this setting, offline files are fully synchronized at sign in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
+If you enable this setting, offline files are fully synchronized at sign-in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but doesn't ensure that they're current.
-If you don't configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option.
+If you don't configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default. However, users can change this option.
This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
@@ -2383,8 +2421,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2432,8 +2471,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2481,8 +2521,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2527,8 +2568,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2573,8 +2615,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2615,3 +2658,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md
index 940b2bc510..21b21c87e2 100644
--- a/windows/client-management/mdm/policy-csp-admx-pca.md
+++ b/windows/client-management/mdm/policy-csp-admx-pca.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_pca
-description: Policy CSP - ADMX_pca
+description: Learn about Policy CSP - ADMX_pca.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -61,8 +61,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -81,10 +82,11 @@ manager: dansimp
This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility.
-- If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website.
-- If you disable this policy setting, the PCA does not detect compatibility issues for applications and drivers.
+If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website.
-If you do not configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues.
+If you disable this policy setting, the PCA doesn't detect compatibility issues for applications and drivers.
+
+If you don't configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues.
> [!NOTE]
> This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled.
@@ -112,8 +114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,7 +133,7 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows.
To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative
Templates\Windows Components\Application Compatibility.
@@ -157,8 +160,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -176,7 +180,7 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
@@ -198,8 +202,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -217,7 +222,7 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
@@ -240,8 +245,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -259,7 +265,8 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows.
+
To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
@@ -283,8 +290,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -302,7 +310,8 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows.
+
To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
@@ -326,8 +335,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -345,7 +355,8 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows.
+
To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
@@ -364,3 +375,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
index d6a2ec5b2f..7218cc97d6 100644
--- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
+++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_PeerToPeerCaching
-description: Policy CSP - ADMX_PeerToPeerCaching
+description: Learn about Policy CSP - ADMX_PeerToPeerCaching.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_PeerToPeerCaching
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -65,8 +66,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -89,9 +91,7 @@ This policy setting specifies whether BranchCache is enabled on client computers
- Set BranchCache Hosted Cache mode
- Configure Hosted Cache Servers
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
- Enabled: With this selection, BranchCache is turned on for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache is turned on for all domain member client computers to which the policy is applied.
@@ -122,8 +122,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -144,9 +145,7 @@ This policy setting specifies whether BranchCache distributed cache mode is enab
In distributed cache mode, client computers download content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCache distributed cache mode clients in the branch office.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
- Enabled: With this selection, BranchCache distributed cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache distributed cache mode is turned on for all domain member client computers to which the policy is applied.
@@ -177,8 +176,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -199,9 +199,7 @@ This policy setting specifies whether BranchCache hosted cache mode is enabled o
When a client computer is configured as a hosted cache mode client, it's able to download cached content from a hosted cache server that is located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
- Enabled: With this selection, BranchCache hosted cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache hosted cache mode is turned on for all domain member client computers to which the policy is applied.
@@ -238,8 +236,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -272,9 +271,7 @@ This policy setting can only be applied to client computers that are running at
If you disable, or don't configure this setting, a client won't attempt to discover hosted cache servers by service connection point.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy setting, and client computers don't perform hosted cache server discovery.
- Enabled: With this selection, the policy setting is applied to client computers, which perform automatically hosted cache server discovery and which are configured as hosted cache mode clients.
@@ -302,8 +299,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -324,13 +322,11 @@ This policy setting specifies whether client computers are configured to use hos
If you enable this policy setting and specify valid computer names of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting.
-This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and don't use the hosted cache server that is configured in the policy setting "Set BranchCache Hosted Cache Mode."
+This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and don't use the hosted cache server that is configured in the policy setting "Set BranchCache Hosted Cache Mode".
If you don't configure this policy setting, or if you disable this policy setting, client computers that are configured with hosted cache mode still function correctly.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy setting.
- Enabled: With this selection, the policy setting is applied to client computers, which are configured as hosted cache mode clients that use the hosted cache servers that you specify in "Hosted cache servers."
@@ -362,8 +358,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -382,9 +379,7 @@ ADMX Info:
This policy setting is used only when you've deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients don't cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache latency settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache latency setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache latency settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the latency setting that you use on individual client computers.
- Enabled: With this selection, the BranchCache maximum round trip latency setting is enabled for all client computers where the policy is applied. For example, if Configure BranchCache for network files is enabled in domain Group Policy, the BranchCache latency setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
@@ -416,8 +411,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -440,9 +436,7 @@ If you enable this policy setting, you can configure the percentage of total dis
If you disable or don't configure this policy setting, the cache is set to 5 percent of the total disk space on the client computer.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache client computer cache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache client computer cache setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the client computer cache setting that you use on individual client computers.
- Enabled: With this selection, the BranchCache client computer cache setting is enabled for all client computers where the policy is applied. For example, if Set percentage of disk space used for client computer cache is enabled in domain Group Policy, the BranchCache client computer cache setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
@@ -477,8 +471,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -501,9 +496,7 @@ If you enable this policy setting, you can configure the age for segments in the
If you disable or don't configure this policy setting, the age is set to 28 days.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache client computer cache age settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache client computer cache age setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache age settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the client computer cache age setting that you use on individual client computers.
- Enabled: With this selection, the BranchCache client computer cache age setting is enabled for all client computers where the policy is applied. For example, if this policy setting is enabled in domain Group Policy, the BranchCache client computer cache age that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
@@ -535,8 +528,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -559,9 +553,7 @@ If you enable this policy setting, all clients use the version of BranchCache th
If you don't configure this setting, all clients will use the version of BranchCache that matches their operating system.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, this policy setting isn't applied to client computers, and the clients run the version of BranchCache that is included with their operating system.
- Enabled: With this selection, this policy setting is applied to client computers based on the value of the option setting "Select from the following versions" that you specify.
@@ -591,3 +583,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md
index e3c4ae75b9..faf9afb98a 100644
--- a/windows/client-management/mdm/policy-csp-admx-pentraining.md
+++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_PenTraining
-description: Policy CSP - ADMX_PenTraining
+description: Learn about Policy CSP - ADMX_PenTraining.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -45,8 +45,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -65,9 +66,9 @@ manager: dansimp
Turns off Tablet PC Pen Training.
-- If you enable this policy setting, users cannot open Tablet PC Pen Training.
+- If you enable this policy setting, users can't open Tablet PC Pen Training.
-- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training.
+- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training.
@@ -91,8 +92,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -111,9 +113,9 @@ ADMX Info:
Turns off Tablet PC Pen Training.
-- If you enable this policy setting, users cannot open Tablet PC Pen Training.
+- If you enable this policy setting, users can't open Tablet PC Pen Training.
-- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training.
+- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training.
@@ -131,3 +133,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
index 639a44a171..18ce028bb6 100644
--- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
+++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_PerformanceDiagnostics
-description: Policy CSP - ADMX_PerformanceDiagnostics
+description: Learn about Policy CSP - ADMX_PerformanceDiagnostics.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_PerformanceDiagnostics
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -51,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,7 +73,7 @@ manager: dansimp
This policy setting determines the execution level for Windows Boot Performance Diagnostics.
-If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available.
+If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available.
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Boot Performance problems that are handled by the DPS.
@@ -79,7 +81,8 @@ If you don't configure this policy setting, the DPS will enable Windows Boot Per
This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
-No system restart or service restart is required for this policy to take effect: changes take effect immediately.
+>[!Note]
+>No system restart or service restart is required for this policy to take effect; changes take effect immediately.
This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
@@ -105,8 +108,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -125,7 +129,7 @@ ADMX Info:
Determines the execution level for Windows Standby/Resume Performance Diagnostics.
-If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.
+If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS.
@@ -159,8 +163,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -179,7 +184,7 @@ ADMX Info:
This policy setting determines the execution level for Windows Shutdown Performance Diagnostics.
-If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available.
+If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available.
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Shutdown Performance problems that are handled by the DPS.
@@ -213,8 +218,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -233,7 +239,7 @@ ADMX Info:
Determines the execution level for Windows Standby/Resume Performance Diagnostics.
-If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.
+If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS.
@@ -263,3 +269,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md
index 31a6511577..d77be55b2b 100644
--- a/windows/client-management/mdm/policy-csp-admx-power.md
+++ b/windows/client-management/mdm/policy-csp-admx-power.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Power
-description: Policy CSP - ADMX_Power
+description: Learn about Policy CSP - ADMX_Power.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_Power
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -114,8 +115,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -136,9 +138,9 @@ This policy setting allows you to control the network connectivity state in stan
If you enable this policy setting, network connectivity will be maintained in standby.
-If you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change.
+If you disable this policy setting, network connectivity in standby isn't guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change.
-If you do not configure this policy setting, users control this setting.
+If you don't configure this policy setting, users control this setting.
@@ -162,8 +164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -184,7 +187,7 @@ This policy setting allows you to turn on the ability for applications and servi
If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -208,8 +211,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -234,7 +238,7 @@ If you enable this policy setting, select one of the following actions:
- Hibernate
- Shut down
-If you disable this policy or do not configure this policy setting, users control this setting.
+If you disable this policy or don't configure this policy setting, users control this setting.
@@ -258,8 +262,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -280,7 +285,7 @@ This policy setting allows applications and services to prevent automatic sleep.
If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity.
-If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
+If you disable or don't configure this policy setting, applications, services, or drivers don't prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
@@ -304,8 +309,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -326,7 +332,7 @@ This policy setting allows applications and services to prevent automatic sleep.
If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity.
-If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
+If you disable or don't configure this policy setting, applications, services, or drivers don't prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
@@ -350,8 +356,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -372,7 +379,7 @@ This policy setting allows you to manage automatic sleep with open network files
If you enable this policy setting, the computer automatically sleeps when network files are open.
-If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open.
+If you disable or don't configure this policy setting, the computer doesn't automatically sleep when network files are open.
@@ -396,8 +403,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -418,7 +426,7 @@ This policy setting allows you to manage automatic sleep with open network files
If you enable this policy setting, the computer automatically sleeps when network files are open.
-If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open.
+If you disable or don't configure this policy setting, the computer doesn't automatically sleep when network files are open.
@@ -442,8 +450,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -460,11 +469,11 @@ ADMX Info:
-This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg, the power configuration command line tool.
+This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID can be retrieved by using `powercfg`, the power configuration command line tool.
If you enable this policy setting, you must specify a power plan, specified as a GUID using the following format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (For example, 103eea6e-9fcd-4544-a713-c282d8e50083), indicating the power plan to be active.
-If you disable or do not configure this policy setting, users can see and change this setting.
+If you disable or don't configure this policy setting, users can see and change this setting.
@@ -488,8 +497,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -515,7 +525,7 @@ If you enable this policy setting, select one of the following actions:
- Hibernate
- Shut down
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -539,8 +549,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -566,7 +577,7 @@ If you enable this policy setting, select one of the following actions:
- Hibernate
- Shut down
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -590,8 +601,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -614,7 +626,7 @@ If you enable this policy setting, you must enter a numeric value (percentage) t
To set the action that is triggered, see the "Critical Battery Notification Action" policy setting.
-If you disable this policy setting or do not configure it, users control this setting.
+If you disable this policy setting or don't configure it, users control this setting.
@@ -638,8 +650,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -664,7 +677,7 @@ To configure the low battery notification level, see the "Low Battery Notificati
The notification will only be shown if the "Low Battery Notification Action" policy setting is configured to "No Action".
-If you disable or do not configure this policy setting, users can control this setting.
+If you disable or don't configure this policy setting, users can control this setting.
@@ -688,8 +701,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -712,7 +726,7 @@ If you enable this policy setting, you must enter a numeric value (percentage) t
To set the action that is triggered, see the "Low Battery Notification Action" policy setting.
-If you disable this policy setting or do not configure it, users control this setting.
+If you disable this policy setting or don't configure it, users control this setting.
@@ -736,8 +750,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -758,9 +773,9 @@ This policy setting allows you to control the network connectivity state in stan
If you enable this policy setting, network connectivity will be maintained in standby.
-If you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change.
+If you disable this policy setting, network connectivity in standby isn't guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change.
-If you do not configure this policy setting, users control this setting.
+If you don't configure this policy setting, users control this setting.
@@ -784,8 +799,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -806,7 +822,7 @@ This policy setting allows you to turn on the ability for applications and servi
If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -830,8 +846,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -856,7 +873,7 @@ If you enable this policy setting, select one of the following actions:
- Hibernate
- Shut down
-If you disable this policy or do not configure this policy setting, users control this setting.
+If you disable this policy or don't configure this policy setting, users control this setting.
@@ -880,8 +897,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -902,7 +920,7 @@ This policy setting specifies the period of inactivity before Windows turns off
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk.
-If you disable or do not configure this policy setting, users can see and change this setting.
+If you disable or don't configure this policy setting, users can see and change this setting.
@@ -926,8 +944,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -948,7 +967,7 @@ This policy setting specifies the period of inactivity before Windows turns off
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk.
-If you disable or do not configure this policy setting, users can see and change this setting.
+If you disable or don't configure this policy setting, users can see and change this setting.
@@ -972,8 +991,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -992,7 +1012,7 @@ ADMX Info:
This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes.
-This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces.
+This setting doesn't affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces.
Applications such as UPS software may rely on Windows shutdown behavior.
@@ -1000,7 +1020,7 @@ This setting is only applicable when Windows shutdown is initiated by software p
If you enable this policy setting, the computer system safely shuts down and remains in a powered state, ready for power to be safely removed.
-If you disable or do not configure this policy setting, the computer system safely shuts down to a fully powered-off state.
+If you disable or don't configure this policy setting, the computer system safely shuts down to a fully powered-off state.
@@ -1024,8 +1044,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1048,7 +1069,7 @@ If you enable this policy setting, desktop background slideshow is enabled.
If you disable this policy setting, the desktop background slideshow is disabled.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -1072,8 +1093,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1096,7 +1118,7 @@ If you enable this policy setting, desktop background slideshow is enabled.
If you disable this policy setting, the desktop background slideshow is disabled.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -1120,8 +1142,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1142,7 +1165,7 @@ This policy setting specifies the active power plan from a list of default Windo
If you enable this policy setting, specify a power plan from the Active Power Plan list.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -1166,8 +1189,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1186,9 +1210,9 @@ ADMX Info:
This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernate or suspend state.
-If you enable this policy setting, the client computer is locked and prompted for a password when it is resumed from a suspend or hibernate state.
+If you enable this policy setting, the client computer is locked and prompted for a password when it's resumed from a suspend or hibernate state.
-If you disable or do not configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation.
+If you disable or don't configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation.
@@ -1212,8 +1236,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1234,7 +1259,7 @@ This policy setting allows you to turn off Power Throttling.
If you enable this policy setting, Power Throttling will be turned off.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -1258,8 +1283,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1280,7 +1306,7 @@ This policy setting specifies the percentage of battery capacity remaining that
If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the reserve power notification.
-If you disable or do not configure this policy setting, users can see and change this setting.
+If you disable or don't configure this policy setting, users can see and change this setting.
@@ -1299,3 +1325,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
index 0f0b567c4d..d9933722cc 100644
--- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_PowerShellExecutionPolicy
-description: Policy CSP - ADMX_PowerShellExecutionPolicy
+description: Learn about Policy CSP - ADMX_PowerShellExecutionPolicy.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_PowerShellExecutionPolicy
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -51,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -72,7 +74,7 @@ manager: dansimp
This policy setting allows you to turn on logging for Windows PowerShell modules.
-If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.
+If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell login Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.
If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting isn't configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.
@@ -103,8 +105,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -126,7 +129,7 @@ This policy setting lets you configure the script execution policy, controlling
If you enable this policy setting, the scripts selected in the drop-down list are allowed to run. The "Allow only signed scripts" policy setting allows scripts to execute only if they're signed by a trusted publisher.
-The "Allow local scripts and remote signed scripts" policy setting allows any local scripts to run; scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to run.
+The "Allow local scripts and remote signed scripts" policy setting allows any local scripts to run. And, the scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to run.
If you disable this policy setting, no scripts are allowed to run.
@@ -155,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -207,8 +211,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -251,4 +256,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
index 690fb95593..cb7bb6a236 100644
--- a/windows/client-management/mdm/policy-csp-admx-previousversions.md
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -14,9 +14,6 @@ manager: dansimp
# Policy CSP - ADMX_PreviousVersions
-
-
-
## ADMX_PreviousVersions policies
> [!TIP]
@@ -26,6 +23,10 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
+
ADMX_PreviousVersions/DisableLocalPage_1
@@ -64,8 +65,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -84,13 +86,10 @@ manager: dansimp
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file.
@@ -114,8 +113,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -134,13 +134,10 @@ ADMX Info:
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file.
@@ -164,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -184,13 +182,10 @@ ADMX Info:
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
@@ -214,8 +209,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -234,13 +230,10 @@ ADMX Info:
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
@@ -265,8 +258,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -285,11 +279,9 @@ ADMX Info:
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
-- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
-
-- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.
-
-If you do not configure this policy setting, it is disabled by default.
+- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
+- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
+- If you don't configure this policy setting, it's disabled by default.
@@ -313,8 +305,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -333,11 +326,9 @@ ADMX Info:
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
-- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
-
-- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.
-
-If you do not configure this policy setting, it is disabled by default.
+- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
+- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
+- If you don't configure this policy setting, it's disabled by default.
@@ -361,8 +352,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -381,13 +373,10 @@ ADMX Info:
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
@@ -411,8 +400,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -431,13 +421,10 @@ ADMX Info:
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
@@ -452,3 +439,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md
index 0ea4840878..fa322d02d0 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Printing
-description: Policy CSP - ADMX_Printing
+description: Learn about Policy CSP - ADMX_Printing.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_Printing
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -118,8 +119,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -171,8 +173,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -224,8 +227,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,7 +253,8 @@ If you enable this policy setting, you replace the "Get help with printing" defa
If you disable this setting or don't configure it, or if you don't enter an alternate Internet address, the default link will appear in the Printers folder.
> [!NOTE]
-> Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders.")
+> Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect.
+> To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders."
Also, see the "Activate Internet printing" setting in this setting folder and the "Browse a common web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers.
@@ -277,8 +282,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -303,10 +309,8 @@ If you disable this policy setting, the client computer will only search the loc
This policy setting isn't configured by default, and the behavior depends on the version of Windows that you're using.
-
-
ADMX Info:
- GP Friendly name: *Extend Point and Print connection to search Windows Update*
@@ -326,8 +330,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -386,8 +391,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -435,8 +441,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -492,8 +499,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -536,8 +544,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -586,8 +595,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -636,8 +646,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -684,8 +695,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -730,8 +742,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -778,8 +791,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -835,8 +849,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -881,8 +896,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -927,8 +943,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -977,8 +994,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1027,8 +1045,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1077,8 +1096,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1125,8 +1145,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1176,8 +1197,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1227,8 +1249,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1275,8 +1298,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1328,8 +1352,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1377,8 +1402,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1418,5 +1444,8 @@ ADMX Info:
+
-
\ No newline at end of file
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md
index 87ff13e471..74159d9d3c 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing2.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing2.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Printing2
-description: Policy CSP - ADMX_Printing2
+description: Learn about Policy CSP - ADMX_Printing2.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_Printing2
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -66,8 +67,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -117,8 +119,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -168,8 +171,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -186,7 +190,7 @@ ADMX Info:
-Determines whether the pruning service on a domain controller prunes printer objects that aren't automatically republished whenever the host computer doesn't respond, just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest.
+This policy setting determines whether the pruning service on a domain controller prunes printer objects that aren't automatically republished whenever the host computer doesn't respond, just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest.
The Windows pruning service prunes printer objects from Active Directory when the computer that published them doesn't respond to contact requests. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains can't republish printers in Active Directory automatically, by default, the system never prunes their printer objects.
@@ -226,8 +230,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -279,8 +284,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -330,8 +336,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -383,8 +390,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -409,10 +417,8 @@ If you enable this policy setting, the contact events are recorded in the event
If you disable or don't configure this policy setting, the contact events aren't recorded in the event log.
-Note: This setting doesn't affect the logging of pruning events; the actual pruning of a printer is always logged.
-
> [!NOTE]
-> This setting is used only on domain controllers.
+> This setting doesn't affect the logging of pruning events; the actual pruning of a printer is always logged. This setting is used only on domain controllers.
@@ -436,8 +442,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -484,8 +491,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -525,4 +533,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md
index c1089d79fe..681645a684 100644
--- a/windows/client-management/mdm/policy-csp-admx-programs.md
+++ b/windows/client-management/mdm/policy-csp-admx-programs.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Programs
-description: Policy CSP - ADMX_Programs
+description: Learn about Policy CSP - ADMX_Programs.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -13,6 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_Programs
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -60,8 +61,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -82,7 +84,7 @@ This setting removes the Set Program Access and Defaults page from the Programs
The Set Program Access and Computer Defaults page allows administrators to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as specify the programs that are accessible from the Start menu, desktop, and other locations.
-If this setting is disabled or not configured, the Set Program Access and Defaults button is available to all users.
+If this setting is disabled or not configured, the "Set Program Access and Defaults" button is available to all users.
This setting doesn't prevent users from using other tools and methods to change program access or defaults.
@@ -90,7 +92,6 @@ This setting doesn't prevent the Default Programs icon from appearing on the Sta
-
ADMX Info:
- GP Friendly name: *Hide "Set Program Access and Computer Defaults" page*
@@ -110,8 +111,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -163,8 +165,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -211,8 +214,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -257,8 +261,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -307,8 +312,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -353,8 +359,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -400,3 +407,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
index 5339356365..4e6309ff2a 100644
--- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
+++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_PushToInstall
-description: Policy CSP - ADMX_PushToInstall
+description: Learn about Policy CSP - ADMX_PushToInstall.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -14,11 +14,6 @@ manager: dansimp
# Policy CSP - ADMX_PushToInstall
-
-
-
-## ADMX_PushToInstall policies
-
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -26,6 +21,11 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
+## ADMX_PushToInstall policies
+
ADMX_PushToInstall/DisablePushToInstall
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -77,3 +78,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md
index 80e2f293b0..dc01eef4a8 100644
--- a/windows/client-management/mdm/policy-csp-admx-radar.md
+++ b/windows/client-management/mdm/policy-csp-admx-radar.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Radar
-description: Policy CSP - ADMX_Radar
+description: Learn about Policy CSP - ADMX_Radar.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -14,11 +14,6 @@ manager: dansimp
# Policy CSP - ADMX_Radar
-
-
-
-## ADMX_Radar policies
-
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -26,6 +21,11 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
+## ADMX_Radar policies
+
ADMX_Radar/WdiScenarioExecutionPolicy
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,14 +64,19 @@ manager: dansimp
This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution.
-- If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes.
+If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes.
-These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
+These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
-- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.
+If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.
If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.
-This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No system restart or service restart is required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+
+No system restart or service restart is required for this policy to take effect; changes take effect immediately.
+
+>[!Note]
+> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
@@ -88,3 +94,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md
index 006b2c772d..fd6026410b 100644
--- a/windows/client-management/mdm/policy-csp-admx-reliability.md
+++ b/windows/client-management/mdm/policy-csp-admx-reliability.md
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -104,8 +105,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -209,8 +212,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
index 31a892b671..5433779640 100644
--- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_RemoteAssistance
-description: Policy CSP - ADMX_RemoteAssistance
+description: Learn about Policy CSP - ADMX_RemoteAssistance.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -45,8 +45,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -69,7 +70,7 @@ If you enable this policy setting, only computers running this version (or later
If you disable this policy setting, computers running this version and a previous version of the operating system can connect to this computer.
-If you don't configure this policy setting, users can configure the setting in System Properties in the Control Panel.
+If you don't configure this policy setting, users can configure this setting in System Properties in the Control Panel.
@@ -93,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -150,4 +152,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
index 7ce8e84d8f..a823f286cf 100644
--- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_RemovableStorage
-description: Policy CSP - ADMX_RemovableStorage
+description: Learn about Policy CSP - ADMX_RemovableStorage.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -135,8 +135,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -157,7 +158,7 @@ This policy setting configures the amount of time (in seconds) that the operatin
If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.
-If you disable or do not configure this setting, the operating system does not force a reboot.
+If you disable or don't configure this setting, the operating system does not force a reboot.
> [!NOTE]
> If no reboot is forced, the access right does not take effect until the operating system is restarted.
@@ -184,8 +185,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -206,7 +208,7 @@ This policy setting configures the amount of time (in seconds) that the operatin
If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.
-If you disable or do not configure this setting, the operating system does not force a reboot
+If you disable or don't configure this setting, the operating system does not force a reboot
> [!NOTE]
> If no reboot is forced, the access right does not take effect until the operating system is restarted.
@@ -233,8 +235,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -255,7 +258,7 @@ This policy setting denies execute access to the CD and DVD removable storage cl
If you enable this policy setting, execute access is denied to this removable storage class.
-If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
@@ -279,8 +282,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -301,7 +305,7 @@ This policy setting denies read access to the CD and DVD removable storage class
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -324,8 +328,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -346,7 +351,7 @@ This policy setting denies read access to the CD and DVD removable storage class
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -370,8 +375,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -392,7 +398,7 @@ This policy setting denies write access to the CD and DVD removable storage clas
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -416,8 +422,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -438,7 +445,7 @@ This policy setting denies write access to the CD and DVD removable storage clas
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -462,8 +469,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -484,7 +492,7 @@ This policy setting denies read access to custom removable storage classes.
If you enable this policy setting, read access is denied to these removable storage classes.
-If you disable or do not configure this policy setting, read access is allowed to these removable storage classes.
+If you disable or don't configure this policy setting, read access is allowed to these removable storage classes.
@@ -508,8 +516,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -530,7 +539,7 @@ This policy setting denies read access to custom removable storage classes.
If you enable this policy setting, read access is denied to these removable storage classes.
-If you disable or do not configure this policy setting, read access is allowed to these removable storage classes.
+If you disable or don't configure this policy setting, read access is allowed to these removable storage classes.
@@ -554,8 +563,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -576,7 +586,7 @@ This policy setting denies write access to custom removable storage classes.
If you enable this policy setting, write access is denied to these removable storage classes.
-If you disable or do not configure this policy setting, write access is allowed to these removable storage classes.
+If you disable or don't configure this policy setting, write access is allowed to these removable storage classes.
@@ -599,8 +609,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -621,7 +632,7 @@ This policy setting denies write access to custom removable storage classes.
If you enable this policy setting, write access is denied to these removable storage classes.
-If you disable or do not configure this policy setting, write access is allowed to these removable storage classes.
+If you disable or don't configure this policy setting, write access is allowed to these removable storage classes.
@@ -644,8 +655,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -666,7 +678,7 @@ This policy setting denies execute access to the Floppy Drives removable storage
If you enable this policy setting, execute access is denied to this removable storage class.
-If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
@@ -689,8 +701,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -711,7 +724,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -734,8 +747,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -756,7 +770,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -779,8 +793,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -801,7 +816,7 @@ This policy setting denies write access to the Floppy Drives removable storage c
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -823,8 +838,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -845,7 +861,7 @@ This policy setting denies write access to the Floppy Drives removable storage c
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -868,8 +884,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -890,7 +907,7 @@ This policy setting denies execute access to removable disks.
If you enable this policy setting, execute access is denied to this removable storage class.
-If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
@@ -912,8 +929,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -934,7 +952,7 @@ This policy setting denies read access to removable disks.
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -957,8 +975,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -979,7 +998,7 @@ This policy setting denies read access to removable disks.
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -1001,8 +1020,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1023,7 +1043,7 @@ This policy setting denies write access to removable disks.
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
> [!NOTE]
> To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
@@ -1049,8 +1069,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1073,7 +1094,7 @@ This policy setting takes precedence over any individual removable storage polic
If you enable this policy setting, no access is allowed to any removable storage class.
-If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
+If you disable or don't configure this policy setting, write and read accesses are allowed to all removable storage classes.
@@ -1096,8 +1117,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1120,7 +1142,7 @@ This policy setting takes precedence over any individual removable storage polic
If you enable this policy setting, no access is allowed to any removable storage class.
-If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
+If you disable or don't configure this policy setting, write and read accesses are allowed to all removable storage classes.
@@ -1143,8 +1165,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1165,7 +1188,7 @@ This policy setting grants normal users direct access to removable storage devic
If you enable this policy setting, remote users can open direct handles to removable storage devices in remote sessions.
-If you disable or do not configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions.
+If you disable or don't configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions.
@@ -1188,8 +1211,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1210,7 +1234,7 @@ This policy setting denies execute access to the Tape Drive removable storage cl
If you enable this policy setting, execute access is denied to this removable storage class.
-If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
@@ -1233,8 +1257,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1255,7 +1280,7 @@ This policy setting denies read access to the Tape Drive removable storage class
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -1277,8 +1302,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1299,7 +1325,7 @@ This policy setting denies read access to the Tape Drive removable storage class
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -1322,8 +1348,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1344,7 +1371,7 @@ This policy setting denies write access to the Tape Drive removable storage clas
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -1366,8 +1393,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1388,7 +1416,7 @@ This policy setting denies write access to the Tape Drive removable storage clas
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -1411,8 +1439,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1433,7 +1462,7 @@ This policy setting denies read access to removable disks, which may include med
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -1456,8 +1485,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1478,7 +1508,7 @@ This policy setting denies read access to removable disks, which may include med
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -1500,8 +1530,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1522,7 +1553,7 @@ This policy setting denies write access to removable disks, which may include me
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -1545,8 +1576,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1563,11 +1595,11 @@ ADMX Info:
-This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
+This policy setting denies write access to removable disks that may include media players, cellular phones, auxiliary displays, and CE devices.
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -1584,4 +1616,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md
index 24ee32b891..5215c95259 100644
--- a/windows/client-management/mdm/policy-csp-admx-rpc.md
+++ b/windows/client-management/mdm/policy-csp-admx-rpc.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_RPC
-description: Policy CSP - ADMX_RPC
+description: Learn about Policy CSP - ADMX_RPC.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -79,7 +80,7 @@ If you don't configure this policy setting, it remains disabled. It will only g
If you enable this policy setting, the RPC runtime will generate extended error information.
-You must select an error response type in the drop-down box.
+You must select an error response type from the folowing options in the drop-down box:
- "Off" disables all extended error information for all processes. RPC only generates an error code.
- "On with Exceptions" enables extended error information, but lets you disable it for selected processes. To disable extended error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.
@@ -93,7 +94,7 @@ You must select an error response type in the drop-down box.
>
> The default policy setting, "Off," is designed for systems where extended error information is considered to be sensitive, and it should not be made available remotely.
>
-> This policy setting will not be applied until the system is rebooted.
+> This policy setting won't be applied until the system is rebooted.
@@ -116,8 +117,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -145,11 +147,10 @@ If you don't configure this policy setting, it remains disabled and will generat
If you enable this policy setting, then:
- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context doesn't support delegation.
-
- "On" directs the RPC Runtime to accept security contexts that don't support delegation even if delegation was asked for.
> [!NOTE]
-> This policy setting will not be applied until the system is rebooted.
+> This policy setting won't be applied until the system is rebooted.
@@ -174,8 +175,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -207,7 +209,7 @@ If you don't configure this policy setting, it will remain disabled. The idle c
If you enable this policy setting, and the IIS server running the RPC HTTP proxy is configured with a lower idle connection timeout, the timeout on the IIS server is used. Otherwise, the provided timeout value is used. The timeout is given in seconds.
> [!NOTE]
-> This policy setting will not be applied until the system is rebooted.
+> This policy setting won't be applied until the system is rebooted.
@@ -231,8 +233,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -255,22 +258,18 @@ If you disable this policy setting, the RPC runtime defaults to "Auto2" level.
If you don't configure this policy setting, the RPC defaults to "Auto2" level.
-If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information.
+If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information from the following:
- "None" indicates that the system doesn't maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting isn't recommended for most installations.
-
- "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory.
-
- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server.
-
- "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity.
-
- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it's recommended for use only while you're investigating an RPC problem.
> [!NOTE]
> To retrieve the RPC state information from a system that maintains it, you must use a debugging tool.
>
-> This policy setting will not be applied until the system is rebooted.
+> This policy setting won't be applied until the system is rebooted.
@@ -288,3 +287,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md
index 46d2eeb48e..06fc58ebc7 100644
--- a/windows/client-management/mdm/policy-csp-admx-scripts.md
+++ b/windows/client-management/mdm/policy-csp-admx-scripts.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Scripts
-description: Policy CSP - ADMX_Scripts
+description: Learn about Policy CSP - ADMX_Scripts.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -75,8 +75,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -121,8 +122,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -147,7 +149,7 @@ If you enable this setting, then, in the Seconds box, you can type a number from
This interval is important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop.
-An excessively long interval can delay the system and inconvenience users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely.
+An excessively long interval can delay the system and cause inconvenience to users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely.
If you disable or don't configure this setting, the system lets the combined set of scripts run for up to 600 seconds (10 minutes). This value is the default value.
@@ -173,8 +175,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -201,19 +204,19 @@ There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled i
GPO B and GPO C include the following computer startup scripts:
-GPO B: B.cmd, B.ps1
-GPO C: C.cmd, C.ps1
+- GPO B: B.cmd, B.ps1
+- GPO C: C.cmd, C.ps1
Assume also that there are two computers, DesktopIT and DesktopSales.
For DesktopIT, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for DesktopIT:
-Within GPO B: B.ps1, B.cmd
-Within GPO C: C.ps1, C.cmd
+- Within GPO B: B.ps1, B.cmd
+- Within GPO C: C.ps1, C.cmd
For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for DesktopSales:
-Within GPO B: B.cmd, B.ps1
-Within GPO C: C.cmd, C.ps1
+- Within GPO B: B.cmd, B.ps1
+- Within GPO C: C.cmd, C.ps1
> [!NOTE]
> This policy setting determines the order in which computer startup and shutdown scripts are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the following policy settings for the GPO:
@@ -242,8 +245,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -292,8 +296,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -340,8 +345,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -388,8 +394,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -436,8 +443,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -484,8 +492,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -532,8 +541,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -583,8 +593,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -634,8 +645,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -663,19 +675,19 @@ There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled i
GPO B and GPO C include the following user logon scripts:
-GPO B: B.cmd, B.ps1
-GPO C: C.cmd, C.ps1
+- GPO B: B.cmd, B.ps1
+- GPO C: C.cmd, C.ps1
Assume also that there are two users, Qin Hong and Tamara Johnston.
For Qin, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin:
-Within GPO B: B.ps1, B.cmd
-Within GPO C: C.ps1, C.cmd
+- Within GPO B: B.ps1, B.cmd
+- Within GPO C: C.ps1, C.cmd
For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Tamara:
-Within GPO B: B.cmd, B.ps1
-Within GPO C: C.cmd, C.ps1
+- Within GPO B: B.cmd, B.ps1
+- Within GPO C: C.cmd, C.ps1
> [!NOTE]
> This policy setting determines the order in which user logon and logoff scripts are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the following policy settings for the GPO:
@@ -702,3 +714,7 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
+
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
index 5b902e0ec5..7d9082639e 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_sdiageng
-description: Policy CSP - ADMX_sdiageng
+description: Learn about Policy CSP - ADMX_sdiageng.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -68,7 +69,7 @@ manager: dansimp
This policy setting allows Internet-connected users to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?"
-If you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface.
+If you enable or don't configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface.
If you disable this policy setting, users can only access and search troubleshooting content that is available locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft servers that host the Windows Online Troubleshooting Service.
@@ -94,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,11 +116,11 @@ ADMX Info:
This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.
-If you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel.
+If you enable or don't configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel.
If this policy setting is disabled, the users cannot access or run the troubleshooting tools from the Control Panel.
->[!Note]
+>[!NOTE]
>This setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files.
@@ -143,8 +145,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -165,7 +168,7 @@ This policy setting determines whether scripted diagnostics will execute diagnos
If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers.
-If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.
+If you disable or don't configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.
@@ -183,4 +186,6 @@ ADMX Info:
+## Related topics
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
index 31c0354809..1b35263fab 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_sdiagschd
-description: Policy CSP - ADMX_sdiagschd
+description: Learn about Policy CSP - ADMX_sdiagschd.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,12 +64,12 @@ manager: dansimp
This policy determines whether scheduled diagnostics will run to proactively detect and resolve system problems.
-- If you enable this policy setting, you must choose an execution level.
+If you enable this policy setting, you must choose an execution level from the following:
-If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution.
-If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input.
+- If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution.
+- If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input.
-- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis.
+If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis.
If you don't configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default. No reboots or service restarts are required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics won't be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console.
@@ -88,3 +89,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
index 92746a10df..db28229ae8 100644
--- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Securitycenter
-description: Policy CSP - ADMX_Securitycenter
+description: Learn about Policy CSP - ADMX_Securitycenter.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,9 @@ manager: dansimp
-This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed.
+This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk.
+
+The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed.
Security Center can only be turned off for computers that are joined to a Windows domain. When a computer isn't joined to a Windows domain, the policy setting will have no effect.
@@ -89,3 +92,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md
index 560b651c17..2849e15624 100644
--- a/windows/client-management/mdm/policy-csp-admx-sensors.md
+++ b/windows/client-management/mdm/policy-csp-admx-sensors.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Sensors
-description: Policy CSP - ADMX_Sensors
+description: Learn about Policy CSP - ADMX_Sensors.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -54,8 +54,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,9 +75,9 @@ manager: dansimp
This policy setting turns off scripting for the location feature.
-If you enable this policy setting, scripts for the location feature will not run.
+If you enable this policy setting, scripts for the location feature won't run.
-If you disable or do not configure this policy setting, all location scripts will run.
+If you disable or don't configure this policy setting, all location scripts will run.
@@ -100,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -122,7 +124,7 @@ This policy setting turns off scripting for the location feature.
If you enable this policy setting, scripts for the location feature will not run.
-If you disable or do not configure this policy setting, all location scripts will run.
+If you disable or don't configure this policy setting, all location scripts will run.
@@ -146,8 +148,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -168,7 +171,7 @@ This policy setting turns off the location feature for this computer.
If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.
-If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.
+If you disable or don't configure this policy setting, all programs on this computer won't be prevented from using location information from the location feature.
@@ -192,8 +195,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -212,9 +216,9 @@ ADMX Info:
This policy setting turns off the sensor feature for this computer.
-If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
+If you enable this policy setting, the sensor feature is turned off, and all programs on this computer can't use the sensor feature.
-If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
+If you disable or don't configure this policy setting, all programs on this computer can use the sensor feature.
@@ -238,8 +242,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -258,9 +263,9 @@ ADMX Info:
This policy setting turns off the sensor feature for this computer.
-If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
+If you enable this policy setting, the sensor feature is turned off, and all programs on this computer can't use the sensor feature.
-If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
+If you disable or don't configure this policy setting, all programs on this computer can use the sensor feature.
@@ -278,4 +283,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md
index 8bb98497e4..a14eb4488d 100644
--- a/windows/client-management/mdm/policy-csp-admx-servermanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_ServerManager
-description: Policy CSP - ADMX_ServerManager
+description: Learn about Policy CSP - ADMX_ServerManager.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -70,11 +71,11 @@ manager: dansimp
-This policy setting allows you to turn off the automatic display of Server Manager at a sign in.
+This policy setting allows you to turn off the automatic display of Server Manager at sign in.
-- If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server.
+If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server.
-- If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server.
+If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server.
If you don't configure this policy setting, Server Manager is displayed when a user signs in to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or “Do not start Server Manager automatically at logon” (Windows Server 2012) option is selected, the console isn't displayed automatically at a sign in.
@@ -104,8 +105,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -154,8 +156,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -174,9 +177,9 @@ ADMX Info:
This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at a sign in on Windows Server 2008 and Windows Server 2008 R2.
-- If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server.
+If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server.
-- If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server.
+If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server.
If you don't configure this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server. However, if an administrator selects the "Do not show this window at logon" option, the window isn't displayed on subsequent logons.
@@ -202,8 +205,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -243,3 +247,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md
index a995b45573..e4d18d9a66 100644
--- a/windows/client-management/mdm/policy-csp-admx-servicing.md
+++ b/windows/client-management/mdm/policy-csp-admx-servicing.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Servicing
-description: Policy CSP - ADMX_Servicing
+description: Learn about Policy CSP - ADMX_Servicing.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -37,8 +37,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -81,3 +82,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md
index 9d61845ecc..c7355a160c 100644
--- a/windows/client-management/mdm/policy-csp-admx-settingsync.md
+++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_SettingSync
-description: Policy CSP - ADMX_SettingSync
+description: Learn about Policy CSP - ADMX_SettingSync.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -66,8 +66,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -84,11 +85,11 @@ manager: dansimp
-Prevent the "AppSync" group from syncing to and from this PC. This option turns off and disables the "AppSync" group on the "sync your settings" page in PC settings.
+This policy setting prevents the "AppSync" group from syncing to and from this PC. This option turns off and disables the "AppSync" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "AppSync" group won't be synced.
-Use the option "Allow users to turn app syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn app syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "AppSync" group is on by default and configurable by the user.
@@ -114,8 +115,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,11 +134,11 @@ ADMX Info:
-Prevent the "app settings" group from syncing to and from this PC. This option turns off and disables the "app settings" group on the "sync your settings" page in PC settings.
+This policy seting prevents the "app settings" group from syncing to and from this PC. This option turns off and disables the "app settings" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "app settings" group won't be synced.
-Use the option "Allow users to turn app settings syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn app settings syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "app settings" group is on by default and configurable by the user.
@@ -162,8 +164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -180,11 +183,11 @@ ADMX Info:
-Prevent the "passwords" group from syncing to and from this PC. This option turns off and disables the "passwords" group on the "sync your settings" page in PC settings.
+This policy seting prevents the "passwords" group from syncing to and from this PC. This option turns off and disables the "passwords" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "passwords" group won't be synced.
-Use the option "Allow users to turn passwords syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn passwords syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "passwords" group is on by default and configurable by the user.
@@ -210,8 +213,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -228,11 +232,11 @@ ADMX Info:
-Prevent the "desktop personalization" group from syncing to and from this PC. This option turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings.
+This policy setting prevents the "desktop personalization" group from syncing to and from this PC. This option turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "desktop personalization" group won't be synced.
-Use the option "Allow users to turn desktop personalization syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn desktop personalization syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user.
@@ -258,8 +262,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -276,11 +281,11 @@ ADMX Info:
-Prevent the "personalize" group from syncing to and from this PC. This option turns off and disables the "personalize" group on the "sync your settings" page in PC settings.
+This policy setting prevents the "personalize" group from syncing to and from this PC. This option turns off and disables the "personalize" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "personalize" group won't be synced.
-Use the option "Allow users to turn personalize syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn personalize syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "personalize" group is on by default and configurable by the user.
@@ -306,8 +311,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -324,11 +330,11 @@ ADMX Info:
-Prevent syncing to and from this PC. This option turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings.
+This policy setting prevents syncing to and from this PC. This option turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings.
If you enable this policy setting, "sync your settings" will be turned off, and none of the "sync your setting" groups will be synced on this PC.
-Use the option "Allow users to turn syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, "sync your settings" is on by default and configurable by the user.
@@ -354,8 +360,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -372,7 +379,7 @@ ADMX Info:
-Prevent the "Start layout" group from syncing to and from this PC. This option turns off and disables the "Start layout" group on the "sync your settings" page in PC settings.
+This policy setting prevents the "Start layout" group from syncing to and from this PC. This option turns off and disables the "Start layout" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "Start layout" group won't be synced.
@@ -402,8 +409,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -420,7 +428,7 @@ ADMX Info:
-Prevent syncing to and from this PC when on metered Internet connections. This option turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings.
+This policy setting prevents syncing to and from this PC when on metered Internet connections. This option turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings.
If you enable this policy setting, syncing on metered connections will be turned off, and no syncing will take place when this PC is on a metered connection.
@@ -448,8 +456,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -466,11 +475,11 @@ ADMX Info:
-Prevent the "Other Windows settings" group from syncing to and from this PC. This option turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings.
+This policy setting prevents the "Other Windows settings" group from syncing to and from this PC. This option turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "Other Windows settings" group won't be synced.
-Use the option "Allow users to turn other Windows settings syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn other Windows settings syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user.
@@ -491,3 +500,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
index 08337cd9ac..c48eab98b9 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_SharedFolders
-description: Policy CSP - ADMX_SharedFolders
+description: Learn about Policy CSP - ADMX_SharedFolders.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -44,8 +44,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,7 +65,7 @@ manager: dansimp
This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).
-If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS .
+If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS .
If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled.
@@ -94,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,9 +116,9 @@ ADMX Info:
This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).
-If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS.
+If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS.
-If you disable this policy setting, users cannot publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled.
+If you disable this policy setting, users can't publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled.
> [!NOTE]
> The default is to allow shared folders to be published when this setting is not configured.
@@ -139,3 +141,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md
index 72af1e5fd1..9a02cd3b35 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharing.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharing.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Sharing
-description: Policy CSP - ADMX_Sharing
+description: Learn about Policy CSP - ADMX_Sharing.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -41,8 +41,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -82,3 +83,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
index d9a9efabdf..e226b26906 100644
--- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
+++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_ShellCommandPromptRegEditTools
-description: Policy CSP - ADMX_ShellCommandPromptRegEditTools
+description: Learn about Policy CSP - ADMX_ShellCommandPromptRegEditTools.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -70,13 +71,13 @@ manager: dansimp
-This policy setting prevents users from running the interactive command prompt, Cmd.exe.
+This policy setting prevents users from running the interactive command prompt `Cmd.exe`.
This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.
-- If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. .
+If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. .
-- If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally.
+If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally.
> [!NOTE]
> Don't prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.
@@ -105,8 +106,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -123,11 +125,11 @@ ADMX Info:
-This policy setting disables the Windows registry editor Regedit.exe.
+This policy setting disables the Windows registry editor `Regedit.exe`.
-- If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action.
+If you enable this policy setting and the user tries to start `Regedit.exe`, a message appears explaining that a policy setting prevents the action.
-- If you disable this policy setting or don't configure it, users can run Regedit.exe normally.
+If you disable this policy setting or don't configure it, users can run `Regedit.exe` normally.
To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting.
@@ -153,8 +155,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -173,11 +176,11 @@ ADMX Info:
This policy setting limits the Windows programs that users have permission to run on the computer.
-- If you enable this policy setting, users can only run programs that you add to the list of allowed applications.
+If you enable this policy setting, users can only run programs that you add to the list of allowed applications.
-- If you disable this policy setting or don't configure it, users can run all applications. This policy setting only prevents users from running programs that are started by the File Explorer process.
+If you disable this policy setting or don't configure it, users can run all applications. This policy setting only prevents users from running programs that are started by the File Explorer process.
-It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
+It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt `Cmd.exe`, this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
@@ -205,8 +208,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,15 +229,15 @@ ADMX Info:
This policy setting prevents Windows from running the programs you specify in this policy setting.
-- If you enable this policy setting, users can't run programs that you add to the list of disallowed applications.
+If you enable this policy setting, users can't run programs that you add to the list of disallowed applications.
-- If you disable this policy setting or don't configure it, users can run any programs.
+If you disable this policy setting or don't configure it, users can run any programs.
This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
-To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
+To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
@@ -251,3 +255,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md
index 089c628ab8..6c6fae1e34 100644
--- a/windows/client-management/mdm/policy-csp-admx-smartcard.md
+++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Smartcard
-description: Policy CSP - ADMX_Smartcard
+description: Learn about Policy CSP - ADMX_Smartcard.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -87,8 +87,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -107,7 +108,7 @@ manager: dansimp
This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for signing in.
-In versions of Windows prior to Windows Vista, smart card certificates that are used for a sign in require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction.
+In versions of Windows, prior to Windows Vista, smart card certificates that are used for a sign-in require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction.
If you enable this policy setting, certificates with the following attributes can also be used to sign in on with a smart card:
@@ -139,8 +140,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -159,7 +161,7 @@ ADMX Info:
This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).
-In order to use the integrated unblock feature, your smart card must support this feature. Check with your hardware manufacturer to see if your smart card supports this feature.
+In order to use the integrated unblock feature, your smart card must support this feature. Check with your hardware manufacturer to see if your smart card supports this feature.
If you enable this policy setting, the integrated unblock feature will be available.
@@ -187,8 +189,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -233,8 +236,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -251,9 +255,9 @@ ADMX Info:
-This policy setting permits those certificates to be displayed for a sign in which are either expired or not yet valid.
+This policy setting permits those certificates to be displayed for a sign-in, which are either expired or not yet valid.
-Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine.
+Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls displaying of the certificate on the client machine.
If you enable this policy setting, certificates will be listed on the sign-in screen regardless of whether they have an invalid time or their time validity has expired.
@@ -281,8 +285,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -327,8 +332,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -345,7 +351,11 @@ ADMX Info:
-This policy setting allows you to manage the cleanup behavior of root certificates. If you enable this policy setting, then root certificate cleanup will occur according to the option selected. If you disable or don't configure this setting then root certificate cleanup will occur on a sign out.
+This policy setting allows you to manage the cleanup behavior of root certificates.
+
+If you enable this policy setting, then root certificate cleanup will occur according to the option selected.
+
+If you disable or don't configure this setting then root certificate cleanup will occur on a sign out.
@@ -369,8 +379,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -392,7 +403,7 @@ This policy setting allows you to manage the root certificate propagation that o
If you enable or don't configure this policy setting then root certificate propagation will occur when you insert your smart card.
> [!NOTE]
-> For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.
+> For this policy setting to work this policy setting must also be enabled: "Turn on certificate propagation from smart card".
If you disable this policy setting, then root certificates won't be propagated from the smart card.
@@ -418,8 +429,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -467,8 +479,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -485,7 +498,7 @@ ADMX Info:
-This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to sign in to a domain.
+This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to sign-in to a domain.
If you enable this policy setting, ECC certificates on a smart card can be used to sign in to a domain.
@@ -494,6 +507,7 @@ If you disable or don't configure this policy setting, ECC certificates on a sma
> [!NOTE]
> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting.
> If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.
+
@@ -516,8 +530,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -541,7 +556,7 @@ During the certificate renewal period, a user can have multiple valid logon cert
If there are two or more of the "same" certificate on a smart card and this policy is enabled, then the certificate that is used for a sign in on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown.
> [!NOTE]
-> This setting will be applied after the following policy: "Allow time invalid certificates"
+> This setting will be applied after this policy: "Allow time invalid certificates"
If you enable or don't configure this policy setting, filtering will take place.
@@ -569,8 +584,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -587,9 +603,9 @@ ADMX Info:
-This policy setting allows you to manage the reading of all certificates from the smart card for a sign in.
+This policy setting allows you to manage the reading of all certificates from the smart card for a sign-in.
-During a sign in, Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This setting can introduce a significant performance decrease in certain situations. Contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.
+During a sign-in, Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This setting can introduce a significant performance decrease in certain situations. Contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.
If you enable this setting, then Windows will attempt to read all certificates from the smart card regardless of the feature set of the CSP.
@@ -617,8 +633,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -640,7 +657,7 @@ This policy setting allows you to manage the displayed message when a smart card
If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked.
> [!NOTE]
-> The following policy setting must be enabled: Allow Integrated Unblock screen to be displayed at the time of logon.
+> The following policy setting must be enabled: "Allow Integrated Unblock screen to be displayed at the time of logon".
If you disable or don't configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled.
@@ -666,8 +683,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -686,7 +704,7 @@ ADMX Info:
This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during a sign in.
-By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present, then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.
+By default the User Principal Name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present, then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.
If you enable this policy setting or don't configure this setting, then the subject name will be reversed.
@@ -714,8 +732,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -763,8 +782,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -812,8 +832,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -830,7 +851,7 @@ ADMX Info:
-This policy setting lets you determine whether an optional field will be displayed during a sign in and elevation that allows users to enter their user name or user name and domain, thereby associating a certificate with the users.
+This policy setting lets you determine whether an optional field will be displayed during a sign-in and elevation that allows users to enter their user name or user name and domain, thereby associating a certificate with the users.
If you enable this policy setting, then an optional field that allows a user to enter their user name or user name and domain will be displayed.
@@ -854,3 +875,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md
index 528ebac188..0767b4c97c 100644
--- a/windows/client-management/mdm/policy-csp-admx-snmp.md
+++ b/windows/client-management/mdm/policy-csp-admx-snmp.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Snmp
-description: Policy CSP - ADMX_Snmp
+description: Learn about Policy CSP - ADMX_Snmp.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,13 +75,13 @@ A valid community is a community recognized by the SNMP service, while a communi
If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community.
-If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.
+If you disable or don't configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.
Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.
> [!NOTE]
> - It is good practice to use a cryptic community name.
-> - This policy setting has no effect if the SNMP agent is not installed on the client computer.
+> - This policy setting has no effect if the SNMP agent isn't installed on the client computer.
Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".
@@ -106,8 +107,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,12 +134,12 @@ The manager is located on the host computer on the network. The manager's role i
If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting.
-If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.
+If you disable or don't configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.
Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control.
> [!NOTE]
-> This policy setting has no effect if the SNMP agent is not installed on the client computer.
+> This policy setting has no effect if the SNMP agent isn't installed on the client computer.
Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".
@@ -163,8 +165,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -189,10 +192,10 @@ This policy setting allows you to configure the name of the hosts that receive t
If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community.
-If you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.
+If you disable or don't configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.
> [!NOTE]
-> This setting has no effect if the SNMP agent is not installed on the client computer.
+> This setting has no effect if the SNMP agent isn't installed on the client computer.
Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name".
@@ -214,3 +217,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md
index 1609eb9c33..77dcf00f34 100644
--- a/windows/client-management/mdm/policy-csp-admx-soundrec.md
+++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_SoundRec
-description: Policy CSP - ADMX_SoundRec
+description: Learn about Policy CSP - ADMX_SoundRec.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,11 +65,13 @@ manager: dansimp
-This policy specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
+This policy specifies whether Sound Recorder can run.
-If you enable this policy setting, Sound Recorder will not run.
+Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
-If you disable or do not configure this policy setting, Sound Recorder can be run.
+If you enable this policy setting, Sound Recorder won't run.
+
+If you disable or don't configure this policy setting, Sound Recorder can run.
@@ -92,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -110,11 +114,13 @@ ADMX Info:
-This policy specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
+This policy specifies whether Sound Recorder can run.
-If you enable this policy setting, Sound Recorder will not run.
+Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
-If you disable or do not configure this policy setting, Sound Recorder can be run.
+If you enable this policy setting, Sound Recorder won't run.
+
+If you disable or don't configure this policy setting, Sound Recorder can be run.
@@ -131,3 +137,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md
index 325fd93379..125aec535d 100644
--- a/windows/client-management/mdm/policy-csp-admx-srmfci.md
+++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_srmfci
-description: Policy CSP - ADMX_srmfci
+description: Learn about Policy CSP - ADMX_srmfci.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,7 +65,7 @@ manager: dansimp
-This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types.
+This group policy setting should be set on Windows clients to enable access-denied assistance for all file types.
@@ -88,8 +89,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,3 +132,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index f89c8f56d9..78b189b308 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_StartMenu
-description: Policy CSP - ADMX_StartMenu
+description: Learn about Policy CSP - ADMX_StartMenu.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -240,8 +240,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -286,8 +287,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -304,7 +306,7 @@ ADMX Info:
-Clear history of recently opened documents on exit.
+This policy setting clears history of recently opened documents on exit.
If you enable this setting, the system deletes shortcuts to recently used document files when the user signs out. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used items in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user signs out.
@@ -343,8 +345,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -387,8 +390,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -433,8 +437,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -479,8 +484,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -497,7 +503,7 @@ ADMX Info:
-This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from the Apps view.
+This policy setting prevents the user from searching apps, files and settings (and the web if enabled) when the user searches from the Apps view.
This policy setting is only applied when the Apps view is set as the default view for Start.
@@ -527,8 +533,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -582,8 +589,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -630,8 +638,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -681,8 +690,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -727,8 +737,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -745,7 +756,7 @@ ADMX Info:
-Disables personalized menus.
+This policy seting disables personalized menus.
Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that haven't been used recently. Users can display the hidden items by clicking an arrow to extend the menu.
@@ -778,8 +789,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -829,8 +841,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -875,8 +888,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -925,8 +939,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -943,7 +958,7 @@ ADMX Info:
-Hides pop-up text on the Start menu and in the notification area.
+This policy setting hides pop-up text on the Start menu and in the notification area.
When you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object.
@@ -973,8 +988,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1019,8 +1035,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1068,8 +1085,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1086,7 +1104,7 @@ ADMX Info:
-Removes items in the All Users profile from the Programs menu on the Start menu.
+This policy setting removes items in the All Users profile from the Programs menu on the Start menu.
By default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this setting, only items in the user's profile appear in the Programs menu.
@@ -1114,8 +1132,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1132,7 +1151,7 @@ ADMX Info:
-Prevents users from adding the Favorites menu to the Start menu or classic Start menu.
+This policy setting prevents users from adding the Favorites menu to the Start menu or classic Start menu.
If you enable this setting, the Display Favorites item doesn't appear in the Advanced Start menu options box.
@@ -1167,8 +1186,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1220,8 +1240,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1264,8 +1285,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1312,8 +1334,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1362,8 +1385,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1413,8 +1437,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1465,8 +1490,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1511,8 +1537,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1529,7 +1556,7 @@ ADMX Info:
-Removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu.
+This policy setting removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu.
The Recent Items menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen their documents.
@@ -1568,8 +1595,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1619,8 +1647,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1669,8 +1698,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1734,8 +1764,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1785,8 +1816,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1836,8 +1868,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1882,8 +1915,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1928,8 +1962,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1974,8 +2009,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2018,8 +2054,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2062,8 +2099,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2106,8 +2144,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2150,8 +2189,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2194,8 +2234,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2238,8 +2279,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2288,8 +2330,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2336,8 +2379,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2382,8 +2426,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2426,8 +2471,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2472,8 +2518,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2522,8 +2569,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2568,8 +2616,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2618,8 +2667,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2664,8 +2714,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2712,8 +2763,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2760,8 +2812,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2808,8 +2861,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2859,8 +2913,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2903,8 +2958,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2947,8 +3003,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2993,8 +3050,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3045,8 +3103,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3093,8 +3152,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3141,8 +3201,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3185,8 +3246,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3231,8 +3293,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3280,8 +3343,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3326,8 +3390,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3368,8 +3433,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3421,8 +3487,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3459,3 +3526,8 @@ ADMX Info:
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
index b8c24f28ca..3349d83359 100644
--- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md
+++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_SystemRestore
-description: Policy CSP - ADMX_SystemRestore
+description: Learn about Policy CSP - ADMX_SystemRestore.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,9 +61,7 @@ manager: dansimp
-Allows you to disable System Restore configuration through System Protection.
-
-This policy setting allows you to turn off System Restore configuration through System Protection.
+This policy setting allows you to disable System Restore configuration through System Protection.
System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. The behavior of this policy setting depends on the "Turn off System Restore" policy setting.
@@ -90,3 +89,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
index 89216a67b0..2517de0c90 100644
--- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_TabletShell
-description: Policy CSP - ADMX_TabletShell
+description: Learn about Policy CSP - ADMX_TabletShell.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,7 +65,7 @@ manager: dansimp
-Prevents start of InkBall game.
+This policy setting prevents start of InkBall game.
If you enable this policy, the InkBall game won't run.
@@ -93,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -111,9 +113,9 @@ ADMX Info:
-Prevents printing to Journal Note Writer.
+This policy setting prevents printing to Journal Note Writer.
-If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail.
+If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print it will fail.
If you disable this policy, you'll be able to use this feature to print to a Journal Note. If you don't configure this policy, users will be able to use this feature to print to a Journal Note.
@@ -136,3 +138,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
index 515570e609..259cfc544c 100644
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Taskbar
-description: Policy CSP - ADMX_Taskbar
+description: Learn about Policy CSP - ADMX_Taskbar.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -106,8 +106,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,7 +133,8 @@ If this setting is enabled, Notifications and Action Center isn't displayed in t
If you disable or don't configure this policy setting, Notification and Security and Maintenance will be displayed on the taskbar.
-A reboot is required for this policy setting to take effect.
+>[!NOTE]
+> A reboot is required for this policy setting to take effect.
@@ -155,8 +157,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -181,7 +184,8 @@ Enable this policy setting if a specific app or system component that uses ballo
If you disable or don’t configure this policy setting, all notifications will appear as toast notifications.
-A reboot is required for this policy setting to take effect.
+>[!NOTE]
+> A reboot is required for this policy setting to take effect.
@@ -204,8 +208,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,8 +254,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -294,8 +300,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -339,8 +346,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -384,8 +392,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -429,8 +438,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -474,8 +484,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -519,8 +530,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -565,8 +577,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -617,8 +630,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -663,8 +677,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -712,8 +727,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -759,8 +775,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -805,8 +822,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -850,8 +868,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -897,8 +916,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -942,8 +962,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -988,8 +1009,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1035,8 +1057,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1081,8 +1104,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1120,3 +1144,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md
index 6a9bd7666d..227131133b 100644
--- a/windows/client-management/mdm/policy-csp-admx-tcpip.md
+++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_tcpip
-description: Policy CSP - ADMX_tcpip
+description: Learn about Policy CSP - ADMX_tcpip.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -79,8 +79,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -124,8 +125,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -169,8 +171,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -193,11 +196,9 @@ If you disable or do not configure this policy setting, the local host setting i
If you enable this policy setting, you can configure 6to4 with one of the following settings:
-Policy Default State: 6to4 is turned off and connectivity with 6to4 will not be available.
-
-Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface.
-
-Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available.
+- Policy Default State: 6to4 is turned off and connectivity with 6to4 will not be available.
+- Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface.
+- Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available.
@@ -220,8 +221,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -244,11 +246,9 @@ If you disable or do not configure this policy setting, the local host settings
If you enable this policy setting, you can specify an IP-HTTPS server URL. You will be able to configure IP-HTTPS with one of the following settings:
-Policy Default State: The IP-HTTPS interface is used when there are no other connectivity options.
-
-Policy Enabled State: The IP-HTTPS interface is always present, even if the host has other connectivity options.
-
-Policy Disabled State: No IP-HTTPS interfaces are present on the host.
+- Policy Default State: The IP-HTTPS interface is used when there are no other connectivity options.
+- Policy Enabled State: The IP-HTTPS interface is always present, even if the host has other connectiv-ity options.
+- Policy Disabled State: No IP-HTTPS interfaces are present on the host.
@@ -271,8 +271,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -316,8 +317,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -361,8 +363,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -385,11 +388,9 @@ If you disable or do not configure this policy setting, the local host setting i
If you enable this policy setting, you can configure ISATAP with one of the following settings:
-Policy Default State: No ISATAP interfaces are present on the host.
-
-Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured with a link-local address.
-
-Policy Disabled State: No ISATAP interfaces are present on the host.
+- Policy Default State: No ISATAP interfaces are present on the host.
+- Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured with a link-local address.
+- Policy Disabled State: No ISATAP interfaces are present on the host.
@@ -412,8 +413,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -457,8 +459,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -504,8 +507,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -552,8 +556,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -597,8 +602,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -621,13 +627,10 @@ If you disable or do not configure this policy setting, the local host settings
If you enable this policy setting, you can configure Teredo with one of the following settings:
-Default: The default state is "Client."
-
-Disabled: No Teredo interfaces are present on the host.
-
-Client: The Teredo interface is present only when the host is not on a network that includes a domain controller.
-
-Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller.
+- Default: The default state is "Client."
+- Disabled: No Teredo interfaces are present on the host.
+- Client: The Teredo interface is present only when the host is not on a network that includes a domain controller.
+- Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller.
@@ -650,8 +653,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -692,3 +696,7 @@ ADMX Info:
>
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
index 9dedd54d73..3f070da798 100644
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_TerminalServer
-description: Policy CSP - ADMX_TerminalServer
+description: Learn about Policy CSP - ADMX_TerminalServer.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -309,8 +309,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -356,8 +357,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -403,8 +405,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -455,8 +458,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -480,8 +484,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -531,8 +536,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -551,7 +557,7 @@ ADMX Info:
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store.
-This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying a .rdp file).
+This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection (RDC) client without specifying a .rdp file).
If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
@@ -583,8 +589,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -630,8 +637,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -677,8 +685,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -728,8 +737,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -777,8 +787,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -828,8 +839,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -879,8 +891,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -930,8 +943,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -981,8 +995,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1028,8 +1043,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1075,8 +1091,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1122,8 +1139,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1172,8 +1190,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1221,8 +1240,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1275,8 +1295,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1329,8 +1350,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1376,8 +1398,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1431,8 +1454,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1483,8 +1507,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1531,8 +1556,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1581,8 +1607,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1631,8 +1658,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1681,8 +1709,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1732,8 +1761,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1787,8 +1817,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1836,8 +1867,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1888,8 +1920,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1937,8 +1970,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1991,8 +2025,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2044,8 +2079,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2093,8 +2129,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2145,8 +2182,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2196,8 +2234,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2245,8 +2284,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2265,10 +2305,10 @@ ADMX Info:
This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.
-You can use this policy setting to select one of three licensing modes: Per User, Per Device, and AAD Per User.
+You can use this policy setting to select one of three licensing modes: Per User, Per Device, and Azure Active Directory Per User.
- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server.
- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server.
-- AAD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in AAD.
+- Azure AD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in Azure AD.
If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host.
@@ -2297,8 +2337,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2351,8 +2392,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2398,8 +2440,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2445,8 +2488,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2497,8 +2541,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2544,8 +2589,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2597,8 +2643,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2649,8 +2696,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2699,8 +2747,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2747,8 +2796,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2793,8 +2843,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2839,8 +2890,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2889,8 +2941,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2941,8 +2994,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2991,8 +3045,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3045,8 +3100,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3097,8 +3153,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3149,8 +3206,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3198,8 +3256,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3246,8 +3305,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3269,9 +3329,7 @@ This policy setting allows you to specify whether the client will establish a co
- If you enable this policy setting, you must specify one of the following settings:
- Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client can't authenticate the RD Session Host server.
-
- Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server can't be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server.
-
- don't connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated.
- If you disable or don't configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client can't authenticate the RD Session Host server.
@@ -3299,8 +3357,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3346,8 +3405,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3391,8 +3451,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3444,8 +3505,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3496,8 +3558,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3544,8 +3607,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3592,8 +3656,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3639,8 +3704,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3686,8 +3752,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3739,8 +3806,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3792,8 +3860,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3843,8 +3912,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3894,8 +3964,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3946,8 +4017,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3998,8 +4070,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4051,8 +4124,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4104,8 +4178,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4152,8 +4227,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4202,8 +4278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4252,8 +4329,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4302,8 +4380,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4352,8 +4431,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4401,8 +4481,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4451,8 +4532,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4501,8 +4583,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4551,8 +4634,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4600,8 +4684,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4619,7 +4704,9 @@ ADMX Info:
This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices won't be available for local usage on this computer.
+
If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer.
+
If you disable or don't configure this policy setting, other supported RemoteFX USB devices aren't available for RDP redirection by using any user account. For this change to take effect, you must restart Windows.
@@ -4645,8 +4732,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4694,8 +4782,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4745,8 +4834,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4795,8 +4885,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4840,3 +4931,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
index cad32638c6..4cbe4a167f 100644
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Thumbnails
-description: Policy CSP - ADMX_Thumbnails
+description: Learn about Policy CSP - ADMX_Thumbnails.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -95,8 +96,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -142,8 +144,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -160,7 +163,7 @@ ADMX Info:
-Turns off the caching of thumbnails in hidden thumbs.db files.
+This policy setting turns off the caching of thumbnails in hidden thumbs.db files.
This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files.
@@ -184,3 +187,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
index 4f7283a5a7..477fec0b8c 100644
--- a/windows/client-management/mdm/policy-csp-admx-touchinput.md
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_TouchInput
-description: Policy CSP - ADMX_TouchInput
+description: Learn about Policy CSP - ADMX_TouchInput.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -70,12 +71,16 @@ manager: dansimp
-Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
+This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
-- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-If you don't configure this setting, touch input is on by default. Note: Changes to this setting won't take effect until the user signs out.
+If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+
+If you don't configure this setting, touch input is on by default.
+
+>[!NOTE]
+> Changes to this setting won't take effect until the user signs out.
@@ -96,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,12 +120,16 @@ ADMX Info:
-Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
+This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
-- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-If you don't configure this setting, touch input is on by default. Note: Changes to this setting won't take effect until the user signs out.
+If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+
+If you don't configure this setting, touch input is on by default.
+
+>[!NOTE]
+>Changes to this setting won't take effect until the user signs out.
@@ -143,8 +153,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -161,11 +172,11 @@ ADMX Info:
-Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
+This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
-- If you enable this setting, the user won't be able to pan windows by touch.
+If you enable this setting, the user won't be able to pan windows by touch.
-- If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
+If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
> [!NOTE]
> Changes to this setting won't take effect until the user logs off.
@@ -190,8 +201,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -208,11 +220,11 @@ ADMX Info:
-Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
+This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
-- If you enable this setting, the user won't be able to pan windows by touch.
+If you enable this setting, the user won't be able to pan windows by touch.
-- If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
+If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
> [!NOTE]
> Changes to this setting won't take effect until the user logs off.
@@ -233,3 +245,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md
index cc8d6387aa..c7e72a4d44 100644
--- a/windows/client-management/mdm/policy-csp-admx-tpm.md
+++ b/windows/client-management/mdm/policy-csp-admx-tpm.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_TPM
-description: Policy CSP - ADMX_TPM
+description: Learn about Policy CSP - ADMX_TPM.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -69,8 +69,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,8 +115,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -155,8 +157,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -202,8 +205,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,8 +253,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -303,8 +308,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -321,7 +327,7 @@ ADMX Info:
-This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and won't interfere with their workflows.
+This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or Configuration Manager), and won't interfere with their workflows.
@@ -344,8 +350,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -401,8 +408,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -460,8 +468,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -519,8 +528,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -555,3 +565,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
index 25e8620306..1b4c199855 100644
--- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
+++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_UserExperienceVirtualization
-description: Policy CSP - ADMX_UserExperienceVirtualization
+description: Learn about Policy CSP - ADMX_UserExperienceVirtualization.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -417,8 +417,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -444,7 +445,7 @@ If you enable this policy setting, the Calculator user settings continue to sync
If you disable this policy setting, Calculator user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -467,8 +468,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -499,7 +501,7 @@ With notifications enabled, UE-V users receive a message when the settings sync
If you disable this policy setting, the sync provider is used to synchronize settings between computers and the settings storage location.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -522,8 +524,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -551,7 +554,7 @@ If you enable this policy setting, the UE-V rollback state is copied to the sett
If you disable this policy setting, no UE-V rollback state is copied to the settings storage location.
-If you do not configure this policy, no UE-V rollback state is copied to the settings storage location.
+If you don't configure this policy, no UE-V rollback state is copied to the settings storage location.
@@ -573,8 +576,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -595,9 +599,9 @@ This policy setting specifies the text of the Contact IT URL hyperlink in the Co
If you enable this policy setting, the Company Settings Center displays the specified text in the link to the Contact IT URL.
-If you disable this policy setting, the Company Settings Center does not display an IT Contact link.
+If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -620,8 +624,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -642,9 +647,9 @@ This policy setting specifies the URL for the Contact IT link in the Company Set
If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto.
-If you disable this policy setting, the Company Settings Center does not display an IT Contact link.
+If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -666,8 +671,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -689,20 +695,20 @@ This policy setting defines whether the User Experience Virtualization (UE-V) Ag
By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location.
-If you enable this policy setting, the UE-V Agent will not synchronize settings for Windows apps.
+If you enable this policy setting, the UE-V Agent won't synchronize settings for Windows apps.
If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
> [!NOTE]
-> If the user connects their Microsoft account for their computer then the UE-V Agent will not synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows.
+> If the user connects their Microsoft account for their computer then the UE-V Agent won't synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows.
ADMX Info:
-- GP Friendly name: *Do not synchronize Windows Apps*
+- GP Friendly name: *don't synchronize Windows Apps*
- GP name: *DisableWin8Sync*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
- GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -719,8 +725,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -744,7 +751,7 @@ If you enable this policy setting, only the selected Windows settings synchroniz
If you disable this policy setting, all Windows Settings are excluded from the settings synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -767,8 +774,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -810,8 +818,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -835,7 +844,7 @@ If you enable this policy setting, Finance user settings continue to sync.
If you disable this policy setting, Finance user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -858,8 +867,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -882,7 +892,7 @@ With this setting enabled, the notification appears the first time that the UE-V
With this setting disabled, no notification appears.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
@@ -905,8 +915,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -930,7 +941,7 @@ If you enable this policy setting, Games user settings continue to sync.
If you disable this policy setting, Games user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -953,8 +964,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -980,7 +992,7 @@ If you enable this policy setting, the Internet Explorer 8 user settings continu
If you disable this policy setting, Internet Explorer 8 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1003,8 +1015,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1028,7 +1041,7 @@ If you enable this policy setting, the Internet Explorer 9 user settings continu
If you disable this policy setting, Internet Explorer 9 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1052,8 +1065,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1077,7 +1091,7 @@ If you enable this policy setting, the Internet Explorer 10 user settings contin
If you disable this policy setting, Internet Explorer 10 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1100,8 +1114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1125,7 +1140,7 @@ If you enable this policy setting, the Internet Explorer 11 user settings contin
If you disable this policy setting, Internet Explorer 11 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1148,8 +1163,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1174,7 +1190,7 @@ If you enable this policy setting, the user settings which are common between th
If you disable this policy setting, the user settings which are common between the versions of Internet Explorer are excluded from settings synchronization. If any version of the Internet Explorer settings are enabled this policy setting should not be disabled.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1196,8 +1212,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1221,7 +1238,7 @@ If you enable this policy setting, Maps user settings continue to sync.
If you disable this policy setting, Maps user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1244,8 +1261,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1263,11 +1281,11 @@ ADMX Info:
-This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size.
+This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent doesn't report information about package file size.
If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log.
-If you disable or do not configure this policy setting, no event is written to the event log to report settings package size.
+If you disable or don't configure this policy setting, no event is written to the event log to report settings package size.
@@ -1290,8 +1308,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1315,7 +1334,7 @@ If you enable this policy setting, Microsoft Access 2010 user settings continue
If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1338,8 +1357,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1363,7 +1383,7 @@ If you enable this policy setting, the user settings which are common between th
If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1386,8 +1406,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1411,7 +1432,7 @@ If you enable this policy setting, Microsoft Excel 2010 user settings continue t
If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1434,8 +1455,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1459,7 +1481,7 @@ If you enable this policy setting, Microsoft InfoPath 2010 user settings continu
If you disable this policy setting, Microsoft InfoPath 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1483,8 +1505,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1508,7 +1531,7 @@ If you enable this policy setting, Microsoft Lync 2010 user settings continue to
If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1531,8 +1554,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1556,7 +1580,7 @@ If you enable this policy setting, Microsoft OneNote 2010 user settings continue
If you disable this policy setting, Microsoft OneNote 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1578,8 +1602,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1603,7 +1628,7 @@ If you enable this policy setting, Microsoft Outlook 2010 user settings continue
If you disable this policy setting, Microsoft Outlook 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1626,8 +1651,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1651,7 +1677,7 @@ If you enable this policy setting, Microsoft PowerPoint 2010 user settings conti
If you disable this policy setting, Microsoft PowerPoint 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1675,8 +1701,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1700,7 +1727,7 @@ If you enable this policy setting, Microsoft Project 2010 user settings continue
If you disable this policy setting, Microsoft Project 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1723,8 +1750,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1748,7 +1776,7 @@ If you enable this policy setting, Microsoft Publisher 2010 user settings contin
If you disable this policy setting, Microsoft Publisher 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1772,8 +1800,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1797,7 +1826,7 @@ If you enable this policy setting, Microsoft SharePoint Designer 2010 user setti
If you disable this policy setting, Microsoft SharePoint Designer 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1820,8 +1849,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1845,7 +1875,7 @@ If you enable this policy setting, Microsoft SharePoint Workspace 2010 user sett
If you disable this policy setting, Microsoft SharePoint Workspace 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1869,8 +1899,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1894,7 +1925,7 @@ If you enable this policy setting, Microsoft Visio 2010 user settings continue t
If you disable this policy setting, Microsoft Visio 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1917,8 +1948,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1942,7 +1974,7 @@ If you enable this policy setting, Microsoft Word 2010 user settings continue to
If you disable this policy setting, Microsoft Word 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1965,8 +1997,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1990,7 +2023,7 @@ If you enable this policy setting, Microsoft Access 2013 user settings continue
If you disable this policy setting, Microsoft Access 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2012,8 +2045,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2035,9 +2069,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Access 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Access 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2060,8 +2094,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2085,7 +2120,7 @@ If you enable this policy setting, the user settings which are common between th
If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2013 applications are enabled, this policy setting should not be disabled.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2108,8 +2143,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2128,13 +2164,14 @@ ADMX Info:
This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications.
+
Microsoft Office Suite 2013 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2013 applications.
If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up.
-If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will not be backed up.
+If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2157,8 +2194,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2184,7 +2222,7 @@ If you enable this policy setting, Microsoft Excel 2013 user settings continue t
If you disable this policy setting, Microsoft Excel 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2206,8 +2244,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2229,9 +2268,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Excel 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Excel 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Excel 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2254,8 +2293,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2279,7 +2319,7 @@ If you enable this policy setting, Microsoft InfoPath 2013 user settings continu
If you disable this policy setting, Microsoft InfoPath 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2302,8 +2342,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2325,9 +2366,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft InfoPath 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft InfoPath 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2351,8 +2392,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2376,7 +2418,7 @@ If you enable this policy setting, Microsoft Lync 2013 user settings continue to
If you disable this policy setting, Microsoft Lync 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2399,8 +2441,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2422,9 +2465,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Lync 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Lync 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Lync 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2448,8 +2491,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2473,7 +2517,7 @@ If you enable this policy setting, OneDrive for Business 2013 user settings cont
If you disable this policy setting, OneDrive for Business 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2497,8 +2541,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2522,7 +2567,7 @@ If you enable this policy setting, Microsoft OneNote 2013 user settings continue
If you disable this policy setting, Microsoft OneNote 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2546,8 +2591,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2569,9 +2615,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft OneNote 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft OneNote 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2595,8 +2641,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2620,7 +2667,7 @@ If you enable this policy setting, Microsoft Outlook 2013 user settings continue
If you disable this policy setting, Microsoft Outlook 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2643,8 +2690,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2666,9 +2714,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Outlook 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Outlook 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2692,8 +2740,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2717,7 +2766,7 @@ If you enable this policy setting, Microsoft PowerPoint 2013 user settings conti
If you disable this policy setting, Microsoft PowerPoint 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2741,8 +2790,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2764,9 +2814,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2790,8 +2840,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2815,7 +2866,7 @@ If you enable this policy setting, Microsoft Project 2013 user settings continue
If you disable this policy setting, Microsoft Project 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2838,8 +2889,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2861,9 +2913,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Project 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Project 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2886,8 +2938,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2911,7 +2964,7 @@ If you enable this policy setting, Microsoft Publisher 2013 user settings contin
If you disable this policy setting, Microsoft Publisher 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2935,8 +2988,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2958,9 +3012,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Publisher 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Publisher 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2984,8 +3038,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3009,7 +3064,7 @@ If you enable this policy setting, Microsoft SharePoint Designer 2013 user setti
If you disable this policy setting, Microsoft SharePoint Designer 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3033,8 +3088,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3056,9 +3112,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3082,8 +3138,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3107,7 +3164,7 @@ If you enable this policy setting, Microsoft Office 2013 Upload Center user sett
If you disable this policy setting, Microsoft Office 2013 Upload Center user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3130,8 +3187,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3155,7 +3213,7 @@ If you enable this policy setting, Microsoft Visio 2013 user settings continue t
If you disable this policy setting, Microsoft Visio 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3179,8 +3237,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3202,9 +3261,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Visio 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Visio 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Visio 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3228,8 +3287,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3253,7 +3313,7 @@ If you enable this policy setting, Microsoft Word 2013 user settings continue to
If you disable this policy setting, Microsoft Word 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3276,8 +3336,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3299,9 +3360,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Word 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Word 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Word 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3324,8 +3385,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3349,7 +3411,7 @@ If you enable this policy setting, Microsoft Access 2016 user settings continue
If you disable this policy setting, Microsoft Access 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3372,8 +3434,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3395,9 +3458,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Access 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Access 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3421,8 +3484,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3446,7 +3510,7 @@ If you enable this policy setting, the user settings which are common between th
If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2016 applications are enabled, this policy setting should not be disabled.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3470,8 +3534,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3494,9 +3559,9 @@ Microsoft Office Suite 2016 has user settings which are common between applicati
If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up.
-If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will not be backed up.
+If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3520,8 +3585,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3545,7 +3611,7 @@ If you enable this policy setting, Microsoft Excel 2016 user settings continue t
If you disable this policy setting, Microsoft Excel 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3569,8 +3635,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3592,9 +3659,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Excel 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Excel 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Excel 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3618,8 +3685,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3643,7 +3711,7 @@ If you enable this policy setting, Microsoft Lync 2016 user settings continue to
If you disable this policy setting, Microsoft Lync 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3667,8 +3735,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3690,9 +3759,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Lync 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Lync 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Lync 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3716,8 +3785,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3741,7 +3811,7 @@ If you enable this policy setting, OneDrive for Business 2016 user settings cont
If you disable this policy setting, OneDrive for Business 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3765,8 +3835,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3790,7 +3861,7 @@ If you enable this policy setting, Microsoft OneNote 2016 user settings continue
If you disable this policy setting, Microsoft OneNote 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3813,8 +3884,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3836,9 +3908,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft OneNote 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft OneNote 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3862,8 +3934,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3887,7 +3960,7 @@ If you enable this policy setting, Microsoft Outlook 2016 user settings continue
If you disable this policy setting, Microsoft Outlook 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3910,8 +3983,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3933,9 +4007,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Outlook 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Outlook 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3959,8 +4033,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3984,7 +4059,7 @@ If you enable this policy setting, Microsoft PowerPoint 2016 user settings conti
If you disable this policy setting, Microsoft PowerPoint 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4007,8 +4082,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4030,9 +4106,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4055,8 +4131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4081,7 +4158,7 @@ If you enable this policy setting, Microsoft Project 2016 user settings continue
If you disable this policy setting, Microsoft Project 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4105,8 +4182,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4128,9 +4206,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Project 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Project 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4153,8 +4231,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4178,7 +4257,7 @@ If you enable this policy setting, Microsoft Publisher 2016 user settings contin
If you disable this policy setting, Microsoft Publisher 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4202,8 +4281,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4225,9 +4305,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Publisher 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Publisher 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4251,8 +4331,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4276,7 +4357,7 @@ If you enable this policy setting, Microsoft Office 2016 Upload Center user sett
If you disable this policy setting, Microsoft Office 2016 Upload Center user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4300,8 +4381,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4325,7 +4407,7 @@ If you enable this policy setting, Microsoft Visio 2016 user settings continue t
If you disable this policy setting, Microsoft Visio 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4348,8 +4430,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4371,9 +4454,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Visio 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Visio 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Visio 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4397,8 +4480,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4422,7 +4506,7 @@ If you enable this policy setting, Microsoft Word 2016 user settings continue to
If you disable this policy setting, Microsoft Word 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4445,8 +4529,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4468,9 +4553,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Word 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Word 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Word 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4494,8 +4579,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4519,7 +4605,7 @@ If you enable this policy setting, Microsoft Office 365 Access 2013 user setting
If you disable this policy setting, Microsoft Office 365 Access 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4543,8 +4629,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4568,7 +4655,7 @@ If you enable this policy setting, Microsoft Office 365 Access 2016 user setting
If you disable this policy setting, Microsoft Office 365 Access 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4592,8 +4679,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4617,7 +4705,7 @@ If you enable this policy setting, user settings which are common between the Mi
If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4641,8 +4729,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4666,7 +4755,7 @@ If you enable this policy setting, user settings which are common between the Mi
If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4690,8 +4779,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4715,7 +4805,7 @@ If you enable this policy setting, Microsoft Office 365 Excel 2013 user settings
If you disable this policy setting, Microsoft Office 365 Excel 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4739,8 +4829,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4764,7 +4855,7 @@ If you enable this policy setting, Microsoft Office 365 Excel 2016 user settings
If you disable this policy setting, Microsoft Office 365 Excel 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4788,8 +4879,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4813,7 +4905,7 @@ If you enable this policy setting, Microsoft Office 365 InfoPath 2013 user setti
If you disable this policy setting, Microsoft Office 365 InfoPath 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4836,8 +4928,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4861,7 +4954,7 @@ If you enable this policy setting, Microsoft Office 365 Lync 2013 user settings
If you disable this policy setting, Microsoft Office 365 Lync 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4885,8 +4978,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4910,7 +5004,7 @@ If you enable this policy setting, Microsoft Office 365 Lync 2016 user settings
If you disable this policy setting, Microsoft Office 365 Lync 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4934,8 +5028,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4959,7 +5054,7 @@ If you enable this policy setting, Microsoft Office 365 OneNote 2013 user settin
If you disable this policy setting, Microsoft Office 365 OneNote 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4983,8 +5078,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5008,7 +5104,7 @@ If you enable this policy setting, Microsoft Office 365 OneNote 2016 user settin
If you disable this policy setting, Microsoft Office 365 OneNote 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5032,8 +5128,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5057,7 +5154,7 @@ If you enable this policy setting, Microsoft Office 365 Outlook 2013 user settin
If you disable this policy setting, Microsoft Office 365 Outlook 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5081,8 +5178,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5106,7 +5204,7 @@ If you enable this policy setting, Microsoft Office 365 Outlook 2016 user settin
If you disable this policy setting, Microsoft Office 365 Outlook 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5130,8 +5228,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5155,7 +5254,7 @@ If you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user set
If you disable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5179,8 +5278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5204,7 +5304,7 @@ If you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user set
If you disable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5228,8 +5328,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5253,7 +5354,7 @@ If you enable this policy setting, Microsoft Office 365 Project 2013 user settin
If you disable this policy setting, Microsoft Office 365 Project 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5277,8 +5378,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5302,7 +5404,7 @@ If you enable this policy setting, Microsoft Office 365 Project 2016 user settin
If you disable this policy setting, Microsoft Office 365 Project 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5326,8 +5428,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5351,7 +5454,7 @@ If you enable this policy setting, Microsoft Office 365 Publisher 2013 user sett
If you disable this policy setting, Microsoft Office 365 Publisher 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5375,8 +5478,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5400,7 +5504,7 @@ If you enable this policy setting, Microsoft Office 365 Publisher 2016 user sett
If you disable this policy setting, Microsoft Office 365 Publisher 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5423,8 +5527,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5448,7 +5553,7 @@ If you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013
If you disable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5472,8 +5577,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5497,7 +5603,7 @@ If you enable this policy setting, Microsoft Office 365 Visio 2013 user settings
If you disable this policy setting, Microsoft Office 365 Visio 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5520,8 +5626,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5545,7 +5652,7 @@ If you enable this policy setting, Microsoft Office 365 Visio 2016 user settings
If you disable this policy setting, Microsoft Office 365 Visio 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5569,8 +5676,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5594,7 +5702,7 @@ If you enable this policy setting, Microsoft Office 365 Word 2013 user settings
If you disable this policy setting, Microsoft Office 365 Word 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5618,8 +5726,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5643,7 +5752,7 @@ If you enable this policy setting, Microsoft Office 365 Word 2016 user settings
If you disable this policy setting, Microsoft Office 365 Word 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5667,8 +5776,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5692,7 +5802,7 @@ If you enable this policy setting, Music user settings continue to sync.
If you disable this policy setting, Music user settings are excluded from the synchronizing settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5715,8 +5825,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5740,7 +5851,7 @@ If you enable this policy setting, News user settings continue to sync.
If you disable this policy setting, News user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5764,8 +5875,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5789,7 +5901,7 @@ If you enable this policy setting, the Notepad user settings continue to synchro
If you disable this policy setting, Notepad user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5813,8 +5925,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5838,7 +5951,7 @@ If you enable this policy setting, Reader user settings continue to sync.
If you disable this policy setting, Reader user settings are excluded from the synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5863,8 +5976,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5886,7 +6000,7 @@ This policy setting configures the number of milliseconds that the computer wait
If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings.
-If you disable or do not configure this policy setting, the default value of 2000 milliseconds is used.
+If you disable or don't configure this policy setting, the default value of 2000 milliseconds is used.
@@ -5910,8 +6024,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5933,7 +6048,7 @@ This policy setting configures where the settings package files that contain use
If you enable this policy setting, the user settings are stored in the specified location.
-If you disable or do not configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment.
+If you disable or don't configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment.
@@ -5957,8 +6072,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5984,9 +6100,9 @@ If you specify a UNC path and leave the option to replace the default Microsoft
If you specify a UNC path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be used.
-If you disable this policy setting, the UE-V Agent will not use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent will not restore the default Microsoft templates.
+If you disable this policy setting, the UE-V Agent won't use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent won't restore the default Microsoft templates.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6010,8 +6126,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6035,7 +6152,7 @@ If you enable this policy setting, Sports user settings continue to sync.
If you disable this policy setting, Sports user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6059,8 +6176,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6102,8 +6220,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6121,13 +6240,13 @@ ADMX Info:
-This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent does not synchronize settings over a metered connection.
+This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent doesn't synchronize settings over a metered connection.
With this setting enabled, the UE-V Agent synchronizes settings over a metered connection.
-With this setting disabled, the UE-V Agent does not synchronize settings over a metered connection.
+With this setting disabled, the UE-V Agent doesn't synchronize settings over a metered connection.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
@@ -6151,8 +6270,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6170,13 +6290,13 @@ ADMX Info:
-This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent does not synchronize settings over a metered connection that is roaming.
+This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent doesn't synchronize settings over a metered connection that is roaming.
With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that is roaming.
-With this setting disabled, the UE-V Agent will not synchronize settings over a metered connection that is roaming.
+With this setting disabled, the UE-V Agent won't synchronize settings over a metered connection that is roaming.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
@@ -6200,8 +6320,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6225,7 +6346,7 @@ If you enable this policy setting, the sync provider pings the settings storage
If you disable this policy setting, the sync provider doesn’t ping the settings storage location before synchronizing settings packages.
-If you do not configure this policy, any defined values will be deleted.
+If you don't configure this policy, any defined values will be deleted.
@@ -6249,8 +6370,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6273,7 +6395,7 @@ With this setting enabled, the settings of all Windows apps not expressly disabl
With this setting disabled, only the settings of the Windows apps set to synchronize in the Windows App List are synchronized.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
@@ -6297,8 +6419,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6322,7 +6445,7 @@ If you enable this policy setting, Travel user settings continue to sync.
If you disable this policy setting, Travel user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6346,8 +6469,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6366,9 +6490,9 @@ ADMX Info:
This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon.
-With this setting disabled, the tray icon does not appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen.
+With this setting disabled, the tray icon doesn't appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
@@ -6391,8 +6515,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6416,7 +6541,7 @@ If you enable this policy setting, Video user settings continue to sync.
If you disable this policy setting, Video user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6440,8 +6565,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6465,7 +6591,7 @@ If you enable this policy setting, Weather user settings continue to sync.
If you disable this policy setting, Weather user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6489,8 +6615,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6514,7 +6641,7 @@ If you enable this policy setting, the WordPad user settings continue to synchro
If you disable this policy setting, WordPad user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6532,3 +6659,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
index 01ff1725af..799a90014c 100644
--- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_UserProfiles
-description: Policy CSP - ADMX_UserProfiles
+description: Learn about Policy CSP - ADMX_UserProfiles.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -63,8 +63,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -111,8 +112,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -159,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -209,8 +212,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -260,8 +264,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -309,8 +314,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -358,8 +364,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -412,8 +419,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -435,7 +443,6 @@ This setting prevents users from managing the ability to allow apps to access th
If you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options:
- "Always on" - users won't be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS.
-
- "Always off" - users won't be able to change this setting and the user's name and account picture won't be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability won't be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources.
If you don't configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn off the setting.
@@ -455,3 +462,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md
index 880375abd7..7324ca3459 100644
--- a/windows/client-management/mdm/policy-csp-admx-w32time.md
+++ b/windows/client-management/mdm/policy-csp-admx-w32time.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_W32Time
-description: Policy CSP - ADMX_W32Time
+description: Learn about Policy CSP - ADMX_W32Time.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -173,8 +174,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -240,8 +242,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -288,8 +291,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -328,3 +332,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md
index 7af1124e31..eeeacfe4ca 100644
--- a/windows/client-management/mdm/policy-csp-admx-wcm.md
+++ b/windows/client-management/mdm/policy-csp-admx-wcm.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_WCM
-description: Policy CSP - ADMX_WCM
+description: Learn about Policy CSP - ADMX_WCM.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -119,9 +121,9 @@ If this policy setting is disabled, Windows will disconnect a computer from a ne
When soft disconnect is enabled:
-- When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted.
+- Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted.
- Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection.
-- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this connection loss happens, these apps should re-establish their connection over a different network.
+- Network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this connection loss happens, these apps should re-establish their connection over a different network.
This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows won't disconnect from any networks.
@@ -147,8 +149,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -193,3 +196,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md
index a4a59c9cbd..a5b1ce11d8 100644
--- a/windows/client-management/mdm/policy-csp-admx-wdi.md
+++ b/windows/client-management/mdm/policy-csp-admx-wdi.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_WDI
-description: Policy CSP - ADMX_WDI
+description: Learn about Policy CSP - ADMX_WDI.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -65,12 +66,15 @@ manager: dansimp
This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data.
-- If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached.
-- If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size.
-No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
-This policy setting will only take effect when the Diagnostic Policy Service is in the running state.
-When the service is stopped or disabled, diagnostic scenario data won't be deleted.
-The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
+If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached.
+
+If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+
+>[!NOTE]
+> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenario data won't be deleted.
+>
+> The DPS can be configured with the Services snap-in to the Microsoft Management Console.
@@ -93,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -113,11 +118,12 @@ ADMX Info:
This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios.
-- If you enable this policy setting, you must select an execution level from the drop-down menu.
+If you enable this policy setting, you must select an execution level from the drop-down menu.
-If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available.
+- If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken.
+- If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available.
-- If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS.
+If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS.
If you don't configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings. This policy setting takes precedence over any scenario-specific policy settings when it's enabled or disabled. Scenario-specific policy settings only take effect if this policy setting isn't configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
@@ -134,4 +140,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md
index 25ce545184..81cb16ebed 100644
--- a/windows/client-management/mdm/policy-csp-admx-wincal.md
+++ b/windows/client-management/mdm/policy-csp-admx-wincal.md
@@ -45,8 +45,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -65,9 +66,8 @@ manager: dansimp
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
-If you enable this setting, Windows Calendar will be turned off.
-
-If you disable or do not configure this setting, Windows Calendar will be turned on.
+- If you enable this setting, Windows Calendar will be turned off.
+- If you disable or do not configure this setting, Windows Calendar will be turned on.
The default is for Windows Calendar to be turned on.
@@ -94,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,9 +115,8 @@ ADMX Info:
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
-If you enable this setting, Windows Calendar will be turned off.
-
-If you disable or do not configure this setting, Windows Calendar will be turned on.
+- If you enable this setting, Windows Calendar will be turned off.
+- If you disable or do not configure this setting, Windows Calendar will be turned on.
The default is for Windows Calendar to be turned on.
diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
index 807a4c84ff..08e1bacf93 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -91,8 +92,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
index 1922a73f28..59c5880a8b 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -68,9 +69,13 @@ manager: dansimp
This policy setting prohibits access to Windows Connect Now (WCN) wizards.
-If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks.
-If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+
+- If you disable or don't configure this policy setting, users can access the wizard tasks.
+
+They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
@@ -93,8 +98,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -113,9 +119,13 @@ ADMX Info:
This policy setting prohibits access to Windows Connect Now (WCN) wizards.
-If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks.
-If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+
+- If you disable or don't configure this policy setting, users can access the wizard tasks.
+
+They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
@@ -139,8 +149,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -161,9 +172,8 @@ This policy setting allows the configuration of wireless settings using Windows
More options are available to allow discovery and configuration over a specific medium.
-If you enable this policy setting, more choices are available to turn off the operations over a specific medium.
-
-If you disable this policy setting, operations are disabled over all media.
+- If you enable this policy setting, more choices are available to turn off the operations over a specific medium.
+- If you disable this policy setting, operations are disabled over all media.
If you don't configure this policy setting, operations are enabled over all media.
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
index 8f4e9a4209..cb885ee871 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -254,8 +254,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -304,8 +305,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -330,7 +332,6 @@ Enabling this policy will also turn off the preview pane and set the folder opti
If you disable or not configure this policy, the default File Explorer behavior is applied to the user.
-
@@ -353,8 +354,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -379,7 +381,6 @@ If you disable or do not configure this setting, the default behavior of not dis
-
ADMX Info:
- GP Friendly name: *Display confirmation dialog when deleting files*
@@ -399,8 +400,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -426,7 +428,6 @@ If you disable or do not configure this policy setting, no changes are made to t
-
ADMX Info:
- GP Friendly name: *Location where all default Library definition files for users/machines reside.*
@@ -446,8 +447,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -473,7 +475,6 @@ This disables access to user-defined properties, and properties stored in NTFS s
-
ADMX Info:
- GP Friendly name: *Disable binding directly to IPropertySetStorage without intermediate layers.*
@@ -493,8 +494,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -529,7 +531,6 @@ If you disable or do not configure this policy, all default Windows Libraries fe
-
ADMX Info:
- GP Friendly name: *Turn off Windows Libraries features that rely on indexed file data*
@@ -550,8 +551,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -599,8 +601,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -649,8 +652,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -669,9 +673,8 @@ ADMX Info:
This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons.
-If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths.
-
-If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed.
+- If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths.
+- If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed.
> [!NOTE]
> Allowing the use of remote paths in file shortcut icons can expose users’ computers to security risks.
@@ -699,8 +702,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -754,8 +758,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -802,8 +807,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -849,8 +855,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -869,9 +876,8 @@ ADMX Info:
This policy setting allows you to turn off the display of snippets in Content view mode.
-If you enable this policy setting, File Explorer will not display snippets in Content view mode.
-
-If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default.
+- If you enable this policy setting, File Explorer will not display snippets in Content view mode.
+- If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default.
@@ -895,8 +901,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -916,9 +923,8 @@ ADMX Info:
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
-If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
-
-If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+- If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+- If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -946,8 +952,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -967,9 +974,8 @@ ADMX Info:
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
-If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
-
-If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+- If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+- If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -997,8 +1003,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1048,8 +1055,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1099,8 +1107,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1150,8 +1159,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1201,8 +1211,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1252,8 +1263,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1303,8 +1315,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1354,8 +1367,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1405,8 +1419,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1454,8 +1469,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1503,8 +1519,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1552,8 +1569,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1601,8 +1619,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1650,8 +1669,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1699,8 +1719,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1749,8 +1770,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1799,8 +1821,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1848,8 +1871,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1897,8 +1921,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1945,8 +1970,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1991,8 +2017,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2037,8 +2064,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2086,8 +2114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2135,8 +2164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2183,8 +2213,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2227,8 +2258,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2273,8 +2305,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2324,8 +2357,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2375,8 +2409,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2399,13 +2434,10 @@ If you disable this setting or do not configure it, the "File name" field includ
This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
-To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open.
-
-
+To see an example of the standard Open dialog box, start WordPad and, on the **File** menu, click **Open**.
-
ADMX Info:
- GP Friendly name: *Hide the dropdown list of recent files*
@@ -2425,8 +2457,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2469,8 +2502,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2517,8 +2551,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2559,8 +2594,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2608,8 +2644,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2628,9 +2665,8 @@ ADMX Info:
This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed.
-If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer.
-
-If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup.
+- If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer.
+- If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup.
@@ -2654,8 +2690,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2674,7 +2711,7 @@ ADMX Info:
Prevents users from using File Explorer or Network Locations to map or disconnect network drives.
-If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the File Explorer or Network Locations icons.
+If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the **File Explorer** or **Network Locations** icons.
This setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box.
@@ -2705,8 +2742,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2749,8 +2787,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2769,7 +2808,7 @@ ADMX Info:
Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
-To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open.
+To see an example of the standard Open dialog box, start WordPad and, on the **File** menu, click **Open**.
@@ -2793,8 +2832,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2839,8 +2879,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2889,8 +2930,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2935,8 +2977,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2981,8 +3024,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3027,8 +3071,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3074,8 +3119,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3118,8 +3164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3169,8 +3216,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3217,8 +3265,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3267,8 +3316,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3297,7 +3347,7 @@ The valid items you may display in the Places Bar are:
The list of Common Shell Folders that may be specified:
-Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches.
+Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments, and Saved Searches.
If you disable or do not configure this setting the default list of items will be displayed in the Places Bar.
@@ -3324,8 +3374,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3377,8 +3428,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3426,8 +3478,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3474,8 +3527,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3522,8 +3576,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3570,8 +3625,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3618,8 +3674,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3668,8 +3725,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3700,7 +3758,7 @@ If you disable or do not configure this policy setting, no custom Internet searc
-ADMX Info:
+ADMX Info: ]
- GP Friendly name: *Pin Internet search sites to the "Search again" links and the Start menu*
- GP name: *TryHarderPinnedOpenSearch*
- GP path: *Windows Components\File Explorer*
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
index 477a03bb2f..d8b921b3e5 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
index c4325fa43a..dee6a3efe7 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
@@ -102,8 +102,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -160,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -217,8 +219,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -272,8 +275,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -296,6 +300,7 @@ If you enable this policy setting, the Privacy Options and Installation Options
This policy setting prevents the dialog boxes that allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies.
+
If you disable or don't configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time.
@@ -320,8 +325,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -366,8 +372,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -414,8 +421,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -462,8 +470,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -512,8 +521,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -560,8 +570,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -608,8 +619,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -654,8 +666,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -705,8 +718,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -753,8 +767,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -799,8 +814,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -845,8 +861,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -891,8 +908,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -937,8 +955,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -982,8 +1001,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1028,8 +1048,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1078,8 +1099,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
index 1d922a36c6..927b7686c7 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -67,7 +68,9 @@ manager: dansimp
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.
-If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
+If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network.
+
+If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
@@ -92,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
index c1c177297f..72fffb643f 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
@@ -57,8 +57,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -105,8 +106,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -154,8 +156,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -203,8 +206,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -252,8 +256,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md
index 452cf045a2..421da6c478 100644
--- a/windows/client-management/mdm/policy-csp-admx-wininit.md
+++ b/windows/client-management/mdm/policy-csp-admx-wininit.md
@@ -49,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -143,8 +145,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md
index f21fb8b148..92bcea8397 100644
--- a/windows/client-management/mdm/policy-csp-admx-winlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md
@@ -58,8 +58,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -108,8 +109,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -158,8 +160,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -208,8 +211,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -260,8 +264,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -284,7 +289,7 @@ This policy controls whether the signed-in user should be notified if the sign-i
If enabled, a notification popup will be displayed to the user when the user logs on with cached credentials.
-If disabled or not configured, no popup will be displayed to the user.
+If disabled or not configured, no pop up will be displayed to the user.
@@ -308,8 +313,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -327,7 +333,7 @@ ADMX Info:
-This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).
+This policy setting controls whether the software can simulate the Secure Attention Sequence (SAS).
If you enable this policy setting, you have one of four options:
diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md
index 1b02e8ef54..9b5ea557d1 100644
--- a/windows/client-management/mdm/policy-csp-admx-winsrv.md
+++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
index 588277efab..aeda8eb64c 100644
--- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
@@ -49,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -97,8 +98,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -143,8 +145,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
index 45948daa4a..57124ac9b3 100644
--- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md
+++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
index 2b291fdd5f..3a455a27b2 100644
--- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
@@ -50,8 +50,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -75,6 +76,7 @@ This policy setting specifies whether Work Folders should be set up automaticall
This folder creation prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting doesn't apply to a user, Work Folders isn't automatically set up.
- If you disable or don't configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user.
+
@@ -98,8 +100,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -155,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md
index 3cfe80c0cc..857a782385 100644
--- a/windows/client-management/mdm/policy-csp-admx-wpn.md
+++ b/windows/client-management/mdm/policy-csp-admx-wpn.md
@@ -58,8 +58,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -107,8 +108,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -205,8 +208,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -258,8 +262,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -307,8 +312,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 5cebcba3b5..08788dc5cf 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -42,6 +42,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -140,6 +141,7 @@ Here's the SyncMl example:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 1bddb1ae40..a7f90d8ef1 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -79,6 +79,7 @@ manager: dansimp
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -100,7 +101,6 @@ manager: dansimp
This policy setting controls whether the system can archive infrequently used apps.
- If you enable this policy setting, then the system will periodically check for and archive infrequently used apps.
-
- If you disable this policy setting, then the system won't archive any apps.
If you don't configure this policy setting (default), then the system will follow default behavior, which is to periodically check for and archive infrequently used apps, and the user will be able to configure this setting themselves.
@@ -135,6 +135,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -186,6 +187,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -237,6 +239,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -288,6 +291,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -341,6 +345,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -391,6 +396,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -449,6 +455,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -497,6 +504,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -550,6 +558,7 @@ For this policy to work, the Windows apps need to declare in their manifest that
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -603,6 +612,7 @@ This setting supports a range of values between 0 and 1.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -659,6 +669,7 @@ This setting supports a range of values between 0 and 1.
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -711,6 +722,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -761,6 +773,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -811,6 +824,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index c8db68a7e0..a73acd40df 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 24c9070487..04b7a70206 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -126,6 +126,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -170,6 +171,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -187,7 +189,7 @@ ADMX Info:
-Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
+This policy enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
@@ -213,6 +215,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -230,7 +233,7 @@ ADMX Info:
-Enables automatic cleanup of appv packages that were added after Windows10 anniversary release.
+Enables automatic cleanup of App-v packages that were added after Windows 10 anniversary release.
@@ -256,6 +259,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -273,7 +277,7 @@ ADMX Info:
-Enables scripts defined in the package manifest of configuration files that should run.
+This policy enables scripts defined in the package manifest of configuration files that should run.
@@ -299,6 +303,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -316,11 +321,10 @@ ADMX Info:
-Enables a UX to display to the user when a publishing refresh is performed on the client.
+This policy enables a UX to display to the user when a publishing refresh is performed on the client.
-
ADMX Info:
- GP Friendly name: *Enable Publishing Refresh UX*
@@ -342,6 +346,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -361,7 +366,7 @@ ADMX Info:
Reporting Server URL: Displays the URL of reporting server.
-Reporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, for example, 9AM.
+Reporting Time: When the client data should be reported to the server. Acceptable range is 0 ~ 23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, for example, 9AM.
Delay reporting for the random minutes: The maximum minutes of random delay on top of the reporting time. For a busy system, the random delay will help reduce the server load.
@@ -395,6 +400,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -412,7 +418,8 @@ ADMX Info:
-Specifies the file paths relative to %userprofile% that don't roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.
+
+This policy specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.
@@ -438,6 +445,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -455,7 +463,8 @@ ADMX Info:
-Specifies the registry paths that don't roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.
+
+This policy specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.
@@ -481,6 +490,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -498,7 +508,7 @@ ADMX Info:
-Specifies how new packages should be loaded automatically by App-V on a specific computer.
+This policy specifies how new packages should be loaded automatically by App-V on a specific computer.
@@ -524,6 +534,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -567,6 +578,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -584,7 +596,9 @@ ADMX Info:
-Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links aren't used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.
+
+This policy specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.
+
@@ -610,6 +624,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -627,7 +642,8 @@ ADMX Info:
-Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links aren't used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.
+
+This policy specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.
@@ -653,6 +669,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -714,6 +731,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -775,6 +793,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -836,6 +855,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -897,6 +917,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -958,6 +979,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -975,7 +997,7 @@ ADMX Info:
-Specifies the path to a valid certificate in the certificate store.
+This policy specifies the path to a valid certificate in the certificate store.
@@ -1001,6 +1023,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1044,6 +1067,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1061,7 +1085,7 @@ ADMX Info:
-Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.
+This policy specifies the CLSID for a compatible implementation of the AppvPackageLocationProvider interface.
@@ -1087,6 +1111,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1104,7 +1129,7 @@ ADMX Info:
-Specifies directory where all new applications and updates will be installed.
+This policy specifies directory where all new applications and updates will be installed.
@@ -1130,6 +1155,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1147,7 +1173,7 @@ ADMX Info:
-Overrides source location for downloading package content.
+This policy overrides source location for downloading package content.
@@ -1173,6 +1199,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1190,7 +1217,7 @@ ADMX Info:
-Specifies the number of seconds between attempts to reestablish a dropped session.
+This policy specifies the number of seconds between attempts to reestablish a dropped session.
@@ -1216,6 +1243,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1233,7 +1261,7 @@ ADMX Info:
-Specifies the number of times to retry a dropped session.
+This policy specifies the number of times to retry a dropped session.
@@ -1259,6 +1287,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1276,7 +1305,8 @@ ADMX Info:
-Specifies that streamed package contents won't be saved to the local hard disk.
+
+This policy specifies that streamed package contents will be not be saved to the local hard disk.
@@ -1302,6 +1332,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1345,6 +1376,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1388,6 +1420,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1405,7 +1438,7 @@ ADMX Info:
-Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc.). Only processes whose full path matches one of these items can use virtual components.
+This policy specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc.). Only processes whose full path matches one of these items can use virtual components.
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index b182ba287e..321527a0e3 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -52,6 +52,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -70,6 +71,7 @@ manager: dansimp
+
This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This feature requires NTFS in order to function correctly, and will fail without notice on FAT32. If the zone information is not preserved, Windows can't make proper risk assessments.
If you enable this policy setting, Windows doesn't mark file attachments with their zone information.
@@ -102,6 +104,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -152,6 +155,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md
index 6960e68f36..2673bc236e 100644
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
@@ -209,6 +209,7 @@ ms.date: 09/27/2019
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -269,6 +270,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -292,6 +294,7 @@ This policy allows you to audit the group membership information in the user's s
When this setting is configured, one or more security audit events are generated for each successful sign in. Enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information can't fit in a single security audit event.
Volume: Low on a client computer. Medium on a domain controller or a network server.
+
GP Info:
@@ -326,6 +329,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -385,6 +389,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -443,6 +448,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -500,6 +506,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -558,6 +565,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -585,6 +593,7 @@ The following events are included:
- Security identifiers (SIDs) were filtered and not allowed to sign in.
Volume: Low on a client computer. Medium on a domain controller or a network server.
+
GP Info:
@@ -619,6 +628,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -642,6 +652,7 @@ If you configure this policy setting, an audit event is generated for each IAS a
If you don't configure this policy settings, IAS and NAP user access requests aren't audited.
Volume: Medium or High on NPS and IAS server. No volume on other computers.
+
GP Info:
@@ -676,6 +687,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -739,6 +751,7 @@ The following values are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -796,6 +809,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -821,6 +835,7 @@ User claims are added to a sign-in token when claims are included with a user's
When this setting is configured, one or more security audit events are generated for each successful sign in. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information can't fit in a single security audit event.
Volume: Low on a client computer. Medium on a domain controller or a network server.
+
GP Info:
@@ -855,6 +870,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -878,6 +894,7 @@ This policy setting allows you to audit events generated by validation tests on
Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative.
Volume: High on domain controllers.
+
GP Info:
@@ -885,7 +902,7 @@ GP Info:
- GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon*
-
+]
The following are the supported values:
- 0 (default)—Off/None
- 1—Success
@@ -912,6 +929,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -936,6 +954,7 @@ If you configure this policy setting, an audit event is generated after a Kerber
If you don't configure this policy setting, no audit event is generated after a Kerberos authentication TGT request.
Volume: High on Kerberos Key Distribution Center servers.
+
GP Info:
@@ -970,6 +989,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1028,6 +1048,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1084,6 +1105,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1144,6 +1166,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1202,6 +1225,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1266,6 +1290,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1329,6 +1354,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1390,6 +1416,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1455,6 +1482,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1511,6 +1539,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1570,6 +1599,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1635,6 +1665,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1696,6 +1727,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1714,7 +1746,7 @@ The following are the supported values:
-This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see https://go.microsoft.com/fwlink/?LinkId=121720.
+This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see [How to use Data Protection](/dotnet/standard/security/how-to-use-data-protection).
If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
If you don't configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI.
@@ -1753,6 +1785,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1810,6 +1843,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1867,6 +1901,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1924,6 +1959,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1981,6 +2017,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2036,6 +2073,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2095,6 +2133,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2157,6 +2196,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2229,6 +2269,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2288,6 +2329,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2347,6 +2389,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2407,6 +2450,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2475,6 +2519,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2530,6 +2575,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2590,6 +2636,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2609,7 +2656,7 @@ The following are the supported values:
This policy setting allows you to audit attempts to access the kernel, which includes mutexes and semaphores.
-Only kernel objects with a matching system access control list (SACL) generate security audit events.
+Only kernel objects with a matching System Access Control List (SACL) generate security audit events.
> [!Note]
> The Audit: Audit the access of global system objects policy setting controls the default SACL of kernel objects.
@@ -2648,6 +2695,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2713,6 +2761,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2731,7 +2780,7 @@ The following are the supported values:
-This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
+This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have SACLs specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you don't configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL.
@@ -2773,6 +2822,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2830,6 +2880,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2862,7 +2913,7 @@ If you don't configure this policy setting, no audit event is generated when an
> [!Note]
> Only the System Access Control List (SACL) for SAM_SERVER can be modified.
-Volume: High on domain controllers. For information about reducing the number of events generated in this subcategory, see [article 841001 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121698).
+Volume: High on domain controllers. For more information about reducing the number of events generated by auditing the access of global system objects, see [Audit the access of global system objects](/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects).
@@ -2897,6 +2948,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2969,6 +3021,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3032,6 +3085,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3094,6 +3148,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3159,6 +3214,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3220,6 +3276,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3286,6 +3343,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3374,6 +3432,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3427,6 +3486,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3499,6 +3559,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3563,6 +3624,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3621,6 +3683,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3679,6 +3742,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3739,6 +3803,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index f1263416b4..b934f952aa 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -65,6 +65,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -106,6 +107,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -124,7 +126,7 @@ The following list shows the supported values:
-Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.
+Allows an EAP cert-based authentication for a Single Sign on (SSO) to access internal resources.
@@ -147,6 +149,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -190,6 +193,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -235,6 +239,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -288,6 +293,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -306,7 +312,7 @@ The following list shows the supported values:
-Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
+Specifies the list of domains that are allowed to be navigated to in Azure Active Directory PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
**Example**: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com".
@@ -333,6 +339,7 @@ Specifies the list of domains that are allowed to be navigated to in AAD PIN res
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -382,6 +389,7 @@ Web Sign-in is only supported on Azure AD Joined PCs.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -437,6 +445,7 @@ Value type is integer. Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -492,6 +501,7 @@ Value type is integer. Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index 365d7cf732..ac10523d39 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -51,6 +51,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -76,6 +77,7 @@ If you enable this policy setting, AutoPlay isn't allowed for MTP devices like c
If you disable or don't configure this policy setting, AutoPlay is enabled for non-volume devices.
+
@@ -100,6 +102,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -158,6 +161,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -191,7 +195,8 @@ This policy setting disables Autoplay on other types of drives. You can't use th
If you disable or don't configure this policy setting, AutoPlay is enabled.
-Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
+> [!Note]
+> This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index add5331983..e56c8f51fb 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -42,6 +42,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,7 @@ manager: dansimp
-Specifies the BitLocker Drive Encryption method and cipher strength.
+This policy specifies the BitLocker Drive Encryption method and cipher strength.
> [!NOTE]
> XTS-AES 128-bit and XTS-AES 256-bit values are supported only on Windows 10 for desktop.
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
index 7b7b384396..19cb5e2ce2 100644
--- a/windows/client-management/mdm/policy-csp-bits.md
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -60,6 +60,7 @@ If BITS/BandwidthThrottlingStartTime or BITS/BandwidthThrottlingEndTime are NOT
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,7 +94,7 @@ If you disable or don't configure this policy setting, BITS uses all available u
> [!NOTE]
> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
-Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
+Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56 Kbs).
@@ -127,6 +128,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -159,7 +161,7 @@ If you disable or don't configure this policy setting, BITS uses all available u
> [!NOTE]
> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
-Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
+Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56 Kbs).
@@ -193,6 +195,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -223,7 +226,8 @@ BITS, by using the three policies together (BandwidthThrottlingStartTime, Bandwi
If you disable or don't configure this policy setting, BITS uses all available unused bandwidth.
> [!NOTE]
-> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+
+> You should base the limit on the speed of the network link, not the computer's Network Interface Card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
@@ -259,6 +263,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -319,6 +324,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -379,6 +385,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index a27b8b0f61..8312708e30 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -55,6 +55,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -73,7 +74,7 @@ manager: dansimp
-Specifies whether the device can send out Bluetooth advertisements.
+This policy specifies whether the device can send out Bluetooth advertisements.
If this policy isn't set or is deleted, the default value of 1 (Allow) is used.
@@ -100,6 +101,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -118,7 +120,7 @@ The following list shows the supported values:
-Specifies whether other Bluetooth-enabled devices can discover the device.
+This policy specifies whether other Bluetooth-enabled devices can discover the device.
If this policy isn't set or is deleted, the default value of 1 (Allow) is used.
@@ -145,6 +147,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -163,7 +166,7 @@ The following list shows the supported values:
-Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device.
+This policy specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device.
@@ -186,6 +189,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -227,6 +231,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -265,6 +270,7 @@ If this policy isn't set or is deleted, the default local radio name is used.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -301,6 +307,7 @@ The default value is an empty string. For more information, see [ServicesAllowed
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 5deb121be6..2c340877a4 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -205,6 +205,7 @@ ms.localizationpriority: medium
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -259,6 +260,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -321,6 +323,7 @@ To verify AllowAutofill is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -373,6 +376,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -435,6 +439,7 @@ To verify AllowCookies is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -487,6 +492,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -548,6 +554,7 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -600,6 +607,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -652,6 +660,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -707,6 +716,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -767,6 +777,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -819,6 +830,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -875,6 +887,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -936,6 +949,7 @@ To verify AllowPasswordManager is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -997,6 +1011,7 @@ To verify AllowPopups is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1058,6 +1073,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1118,6 +1134,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1178,6 +1195,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1236,6 +1254,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1289,6 +1308,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1349,6 +1369,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1409,6 +1430,7 @@ To verify AllowSmartScreen is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1468,6 +1490,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1527,6 +1550,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1582,6 +1606,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1645,6 +1670,7 @@ To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is s
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1703,6 +1729,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1763,6 +1790,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1827,6 +1855,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1894,6 +1923,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1956,6 +1986,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2028,6 +2059,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2089,6 +2121,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2148,6 +2181,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2200,6 +2234,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2253,6 +2288,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2289,6 +2325,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2354,6 +2391,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2408,6 +2446,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2460,6 +2499,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2518,6 +2558,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2571,6 +2612,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2624,6 +2666,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2675,6 +2718,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2727,6 +2771,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2785,6 +2830,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2837,6 +2883,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2898,6 +2945,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2951,6 +2999,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3012,6 +3061,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3070,6 +3120,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3127,6 +3178,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3179,6 +3231,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3227,6 +3280,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3290,6 +3344,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3348,6 +3403,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 1a06b54ae0..64b48bbc40 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -39,11 +39,11 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 48876d706e..62837b80db 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -57,6 +57,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -121,6 +122,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -164,6 +166,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -207,6 +210,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -250,6 +254,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index c556897ebb..661ffccaf9 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -84,6 +84,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -102,7 +103,7 @@ manager: dansimp
-Allows the user to enable Bluetooth or restrict access.
+This policy allows the user to enable Bluetooth or restrict access.
> [!NOTE]
> This value isn't supported in Windows 10.
@@ -115,9 +116,9 @@ Most restricted value is 0.
The following list shows the supported values:
-- 0 – Disallow Bluetooth. If the value is set to 0, the radio in the Bluetooth control panel will be grayed out and the user won't be able to turn on Bluetooth.
-- 1 – Reserved. If the value is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
-- 2 (default) – Allow Bluetooth. If the value is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
+- 0 – Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user won't be able to turn on Bluetooth.
+- 1 – Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
+- 2 (default) – Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
@@ -133,6 +134,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -151,7 +153,8 @@ The following list shows the supported values:
-Allows the cellular data channel on the device. Device reboot isn't required to enforce the policy.
+
+This policy allows the cellular data channel on the device. Device reboot isn't required to enforce the policy.
@@ -175,6 +178,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -237,6 +241,7 @@ To validate on devices, perform the following steps:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -258,7 +263,7 @@ To validate on devices, perform the following steps:
> [!NOTE]
> This policy requires reboot to take effect.
-Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
+This policy allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
@@ -281,6 +286,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -301,7 +307,10 @@ The following list shows the supported values:
This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue tasks, such as reading, email, and other tasks that require linking between Phone and PC.
-If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. If you disable this policy setting, the Windows device isn't allowed to be linked to phones, will remove itself from the device list of any linked Phones, and can't participate in 'Continue on PC experiences'.
+If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'.
+
+If you disable this policy setting, the Windows device isn't allowed to be linked to phones, will remove itself from the device list of any linked Phones, and can't participate in 'Continue on PC experiences'.
+
If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
@@ -321,7 +330,8 @@ This setting supports a range of values between 0 and 1.
Validation:
-If the Connectivity/AllowPhonePCLinking policy is configured to value 0, the add a phone button in the Phones section in settings will be grayed out and clicking it won't launch the window for a user to enter their phone number.
+
+If the Connectivity/AllowPhonePCLinking policy is configured to value 0, add a phone button in the Phones section in settings will be grayed out and clicking it will not launch the window for a user to enter their phone number.
Device that has previously opt-in to MMX will also stop showing on the device list.
@@ -339,6 +349,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -387,6 +398,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -430,6 +442,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -448,7 +461,7 @@ The following list shows the supported values:
-Prevents the device from connecting to VPN when the device roams over cellular networks.
+This policy prevents the device from connecting to VPN when the device roams over cellular networks.
Most restricted value is 0.
@@ -473,6 +486,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -527,6 +541,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -579,6 +594,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -631,6 +647,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -675,6 +692,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -721,6 +739,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -739,7 +758,7 @@ ADMX Info:
-Determines whether a user can install and configure the Network Bridge.
+This policy determines whether a user can install and configure the Network Bridge.
Important: This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting doesn't apply.
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index e66ffbee8b..d795f177d4 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -32,12 +32,21 @@ manager: dansimp
**ControlPolicyConflict/MDMWinsOverGP**
+> [!NOTE]
+> This setting doesn't apply to the following types of group policies:
+>
+> - If they don't map to an MDM policy. For example, firewall policies and account lockout policies.
+> - If they aren't defined by an ADMX. For example, Password policy - minimum password age.
+> - If they're in the Windows Update category.
+> - If they have list entries. For example, the Microsoft Edge CookiesAllowedForUrls policy.
+
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -61,7 +70,8 @@ This policy allows the IT admin to control which policy will be used whenever bo
> [!NOTE]
> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs.
-This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
+This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel.
+The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
> [!NOTE]
> This policy doesn't support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1. Windows 10 version 1809 will support using the Delete command to set the value to 0 again, if it was previously set to 1.
@@ -71,7 +81,8 @@ The following list shows the supported values:
- 0 (default)
- 1 - The MDM policy is used and the GP policy is blocked.
-The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the first set of the policy. This activation ensures that:
+The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy.
+This ensures that:
- GP settings that correspond to MDM applied settings aren't conflicting
- The current Policy Manager policies are refreshed from what MDM has set
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index 21357c48c3..beeffe2585 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -51,6 +51,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -104,6 +105,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -128,7 +130,8 @@ If you enable this policy setting, a domain user can't set up or sign in with a
If you disable or don't configure this policy setting, a domain user can set up and use a picture password.
-Note that the user's domain password will be cached in the system vault when using this feature.
+> [!NOTE]
+> The user's domain password will be cached in the system vault when using this feature.
@@ -154,6 +157,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -180,8 +184,8 @@ The Autopilot Reset feature allows admin to reset devices to a known good manage
The following list shows the supported values:
-- 0 - Enable the visibility of the credentials for Autopilot Reset
-- 1 - Disable visibility of the credentials for Autopilot Reset
+0 - Enable the visibility of the credentials for Autopilot Reset
+1 - Disable visibility of the credentials for Autopilot Reset
@@ -191,3 +195,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index da8c5cd222..e459f00b15 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,7 +64,7 @@ manager: dansimp
-Remote host allows delegation of non-exportable credentials
+Remote host allows delegation of non-exportable credentials.
When credential delegation is being used, devices provide an exportable version of credentials to the remote host. This version exposes users to the risk of credential theft from attackers on the remote host.
@@ -89,3 +90,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index f242322253..d126286e24 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -47,6 +47,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,7 +75,7 @@ If you disable or don't configure this policy setting, the password reveal butto
By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button.
-The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.
+This policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.
@@ -100,6 +101,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -142,3 +144,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 0e746278c6..31ebde8cc2 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -42,6 +42,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,7 @@ manager: dansimp
-Allows or disallows the Federal Information Processing Standard (FIPS) policy.
+This policy setting allows or disallows the Federal Information Processing Standard (FIPS) policy.
@@ -72,8 +73,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Not allowed.
-- 1– Allowed.
+0 (default) – Not allowed.
+1– Allowed.
@@ -94,6 +95,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -112,7 +114,7 @@ The following list shows the supported values:
-Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
+This policy setting lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
@@ -134,3 +136,6 @@ Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index 6b464729c7..43dc6aeab0 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -42,6 +42,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,9 @@ manager: dansimp
-This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) is enabled.
+This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows.
+
+Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) is enabled.
Most restricted value is 0.
@@ -85,6 +88,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -118,4 +122,8 @@ Setting used by Windows 8.1 Selective Wipe.
-
\ No newline at end of file
+
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index 73b7408f51..5e271eabfc 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -60,6 +60,7 @@ This policy is deprecated in Windows 10, version 1809.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -83,9 +84,7 @@ This policy setting configures the cost of 4G connections on the local machine.
If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine:
- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
-
- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.
-
- Variable: This connection is costed on a per byte basis.
If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default.
@@ -108,3 +107,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 7a37cafe94..934f417af1 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -7,7 +7,7 @@ ms.prod: w10
ms.technology: windows
author: dansimp
ms.localizationpriority: medium
-ms.date: 12/29/2021
+ms.date: 05/12/2022
ms.reviewer:
manager: dansimp
ms.collection: highpri
@@ -160,6 +160,7 @@ ms.collection: highpri
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -213,6 +214,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -266,6 +268,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -287,7 +290,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.
@@ -320,6 +322,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -341,7 +344,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows scanning of email.
@@ -373,6 +375,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -394,7 +397,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows a full scan of mapped network drives.
@@ -426,6 +428,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -447,7 +450,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned.
@@ -479,6 +481,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -499,7 +502,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows Windows Defender IOAVP Protection functionality.
@@ -532,6 +534,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -553,7 +556,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows Windows Defender On Access Protection functionality.
@@ -588,6 +590,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -609,7 +612,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows Windows Defender real-time Monitoring functionality.
@@ -641,6 +643,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -662,7 +665,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows a scanning of network files.
@@ -694,6 +696,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -715,7 +718,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows Windows Defender Script Scanning functionality.
@@ -739,6 +741,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -760,7 +763,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed.
@@ -792,6 +794,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -813,8 +816,7 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
-This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe"..
+This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe".
Value type is string.
@@ -841,6 +843,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -862,8 +865,7 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
-This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (Azure Site Recovery) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.
+This policy setting enables setting the state (Block/Audit/Off) for each attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.
For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction).
@@ -892,6 +894,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -912,11 +915,9 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Represents the average CPU load factor for the Windows Defender scan (in percent).
-
The default value is 50.
@@ -946,6 +947,7 @@ Valid values: 0–100
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1011,6 +1013,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1032,7 +1035,6 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.
If this setting is on, Microsoft Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency.
@@ -1074,6 +1076,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1127,6 +1130,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1173,6 +1177,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1219,6 +1224,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1239,11 +1245,9 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Time period (in days) that quarantine items will be stored on the system.
-
The default value is 0, which keeps items in quarantine, and doesn't automatically remove them.
@@ -1273,6 +1277,7 @@ Valid values: 0–90
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1336,6 +1341,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1399,6 +1405,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1453,6 +1460,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1514,6 +1522,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1574,6 +1583,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1594,7 +1604,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj".
@@ -1621,6 +1630,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1642,7 +1652,6 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1".
@@ -1668,6 +1677,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1689,13 +1699,11 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows an administrator to specify a list of files opened by processes to ignore during a scan.
> [!IMPORTANT]
> The process itself is not excluded from the scan, but can be by using the **Defender/ExcludedPaths** policy to exclude its path.
-
Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe".
@@ -1721,6 +1729,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1779,6 +1788,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1800,7 +1810,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Controls which sets of files should be monitored.
> [!NOTE]
@@ -1837,6 +1846,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1858,7 +1868,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Selects whether to perform a quick scan or full scan.
@@ -1891,6 +1900,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1911,7 +1921,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Selects the time of day that the Windows Defender quick scan should run.
@@ -1951,6 +1960,7 @@ Valid values: 0–1380
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1972,7 +1982,6 @@ Valid values: 0–1380
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Selects the day that the Windows Defender scan should run.
> [!NOTE]
@@ -2015,6 +2024,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2036,14 +2046,11 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Selects the time of day that the Windows Defender scan should run.
> [!NOTE]
> The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.
-
-
For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM.
The default value is 120.
@@ -2075,6 +2082,7 @@ Valid values: 0–1380.
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2095,7 +2103,7 @@ Valid values: 0–1380.
This policy setting allows you to define the security intelligence location for VDI-configured computers.
-If you disable or don't configure this setting, security intelligence will be referred from the default local source.
+If you disable or don't configure this setting, security intelligence will be referred from the default local source.
@@ -2126,6 +2134,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2193,6 +2202,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2255,6 +2265,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2276,10 +2287,8 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval.
-
A value of 0 means no check for new signatures, a value of 1 means to check every hour, a value of 2 means to check every two hours, and so on, up to a value of 24, which means to check every day.
The default value is 8.
@@ -2313,6 +2322,7 @@ Valid values: 0–24.
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2334,8 +2344,7 @@ Valid values: 0–24.
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
-Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data.
+Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data.
@@ -2369,6 +2378,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2389,7 +2399,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take.
@@ -2427,3 +2436,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index ba4c441b84..f49ee66cee 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -21,8 +21,6 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
@@ -133,6 +131,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -182,6 +181,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -236,6 +236,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -291,6 +292,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -354,6 +356,7 @@ When DHCP Option ID Force (2) is set, the client will query DHCP Option ID 235 a
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -399,6 +402,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -455,6 +459,7 @@ Supported values: 0 - one month (in seconds)
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -509,6 +514,7 @@ Supported values: 0 - one month (in seconds)
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -566,6 +572,7 @@ The following list shows the supported values as number of seconds:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -623,6 +630,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -673,6 +681,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -691,7 +700,7 @@ ADMX Info:
-Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = AAD.
+Set this policy to restrict peer selection to a specific source. Available options are: 1 = Active Directory Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = Azure Active Directory.
When set, the Group ID will be assigned automatically from the selected source.
@@ -716,11 +725,11 @@ ADMX Info:
The following list shows the supported values:
-- 1 - AD site
+- 1 - Active Directory site
- 2 - Authenticated domain SID
- 3 - DHCP user option
- 4 - DNS suffix
-- 5 - AAD
+- 5 - Azure Active Directory
@@ -736,6 +745,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -781,6 +791,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -804,7 +815,7 @@ ADMX Info:
Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size hasn't exceeded. The value 0 is new in Windows 10, version 1607.
-The default value is 259200 seconds (3 days).
+The default value is 259200 seconds (three days).
@@ -829,6 +840,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -901,6 +913,7 @@ This policy is deprecated. Use [DOMaxForegroundDownloadBandwidth](#deliveryoptim
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -965,6 +978,7 @@ This policy is deprecated because it only applies to uploads to Internet peers (
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1014,6 +1028,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1062,6 +1077,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1114,6 +1130,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1163,6 +1180,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1212,6 +1230,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1261,6 +1280,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1312,6 +1332,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1370,6 +1391,7 @@ This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryopt
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1415,6 +1437,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1467,6 +1490,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1519,6 +1543,7 @@ This policy allows an IT Admin to define the following details:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1564,3 +1589,7 @@ This policy allows an IT Admin to define the following details:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
+
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index aa850f28a4..4d3d97a6bd 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -44,6 +44,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -62,7 +63,7 @@ manager: dansimp
-Prevents users from changing the path to their profile folders.
+This policy setting prevents users from changing the path to their profile folders.
By default, a user can change the location of their individual profile folders like Documents, Music etc. by typing a new path in the Locations tab of the folder's Properties dialog box.
@@ -86,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index 9a718888b1..09369cf747 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -47,6 +47,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -107,6 +108,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -125,7 +127,7 @@ ADMX Info:
-Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer.
+Turns on virtualization based security(VBS) at the next reboot. Virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer.
@@ -156,6 +158,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -207,6 +210,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -224,7 +228,7 @@ The following list shows the supported values:
-Specifies the platform security level at the next reboot. Value type is integer.
+This setting specifies the platform security level at the next reboot. Value type is integer.
@@ -248,4 +252,8 @@ The following list shows the supported values:
-
\ No newline at end of file
+
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
index 7a2f5f914a..65ccf2ff72 100644
--- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
+++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
@@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -69,8 +70,8 @@ DeviceHealthMonitoring is an opt-in health monitoring connection between the dev
The following list shows the supported values:
-- 1—The DeviceHealthMonitoring connection is enabled.
-- 0 (default)—The DeviceHealthMonitoring connection is disabled.
+- 1 -The DeviceHealthMonitoring connection is enabled.
+- 0 - (default)—The DeviceHealthMonitoring connection is disabled.
@@ -92,6 +93,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -138,6 +140,7 @@ IT Pros don't need to set this policy. Instead, Microsoft Intune is expected to
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,9 +159,12 @@ IT Pros don't need to set this policy. Instead, Microsoft Intune is expected to
-This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device.
+This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device.
+
The value of this policy constrains the DeviceHealthMonitoring connection to certain destinations in order to support regional and sovereign cloud scenarios.
-In most cases, an IT Pro doesn't need to define this policy. Instead, it's expected that this value is dynamically managed by Microsoft Intune to align with the region or cloud to which the device's tenant is already linked. Only configure this policy manually if explicitly instructed to do so by a Microsoft device monitoring service.
+In most cases, an IT Pro doesn't need to define this policy. Instead, it's expected that this value is dynamically managed by Microsoft Intune to align with the region or cloud to which the device's tenant is already linked.
+
+Configure this policy manually only when explicitly instructed to do so by a Microsoft device monitoring service.
@@ -178,3 +184,6 @@ In most cases, an IT Pro doesn't need to define this policy. Instead, it's expec
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 0cc81579bc..ee81f379cf 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -69,6 +69,7 @@ ms.localizationpriority: medium
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,10 +94,12 @@ This policy setting allows you to specify a list of plug-and-play hardware IDs a
> This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions.
When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
-- Prevent installation of devices that match these device IDs
-- Prevent installation of devices that match any of these device instance IDs
+
+- Prevent installation of devices that match these device IDs.
+- Prevent installation of devices that match any of these device instance IDs.
If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
+
> [!NOTE]
> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It's recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
@@ -171,6 +174,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -195,7 +199,8 @@ This policy setting allows you to specify a list of Plug and Play device instanc
> This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions.
When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
-- Prevent installation of devices that match any of these device instance IDs
+
+- Prevent installation of devices that match any of these device instance IDs.
If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
@@ -208,7 +213,6 @@ If you enable this policy setting on a remote desktop server, the policy setting
If you disable or don't configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
-
Peripherals can be specified by their [device instance ID](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
@@ -270,6 +274,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -381,6 +386,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -404,6 +410,7 @@ This policy setting will change the evaluation order in which Allow and Prevent
Device instance IDs > Device IDs > Device setup class > Removable devices
**Device instance IDs**
+
- Prevent installation of devices using drivers that match these device instance IDs.
- Allow installation of devices using drivers that match these device instance IDs.
@@ -459,13 +466,13 @@ ADMX Info:
To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log:
-
```txt
>>> [Device Installation Restrictions Policy Check]
>>> Section start 2018/11/15 12:26:41.659
<<< Section end 2018/11/15 12:26:41.751
<<< [Exit status: SUCCESS]
```
+
You can also change the evaluation order of device installation policy settings by using a custom profile in Intune.
:::image type="content" source="images/edit-row.png" alt-text="This image is an edit row image.":::
@@ -486,6 +493,7 @@ You can also change the evaluation order of device installation policy settings
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -543,6 +551,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -636,6 +645,7 @@ You can also block installation by using a custom profile in Intune.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -734,6 +744,7 @@ For example, this custom profile blocks installation and usage of USB devices wi
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -811,6 +822,7 @@ For example, this custom profile prevents installation of devices with matching
To prevent installation of devices with matching device instance IDs by using custom profile in Intune:
+
1. Locate the device instance ID.
2. Replace `&` in the device instance IDs with `&`.
For example:
@@ -839,6 +851,7 @@ with
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -929,3 +942,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 17f1c7e4b9..39fa89a03f 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -7,15 +7,13 @@ ms.prod: w10
ms.technology: windows
author: dansimp
ms.localizationpriority: medium
-ms.date: 05/09/2022
+ms.date: 05/16/2022
ms.reviewer:
manager: dansimp
---
# Policy CSP - DeviceLock
-
-
@@ -73,7 +71,7 @@ manager: dansimp
> [!Important]
-> The DeviceLock CSP utilizes the [Exchange ActiveSync Policy Engine](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). When password length and complexity rules are applied, all the local user and administrator accounts are marked to change their password at the next sign in to ensure complexity requirements are met. For additional information, see [Password length and complexity supported by account types](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)#password-length-and-complexity-supported-by-account-types)).
+> The DeviceLock CSP utilizes the [Exchange ActiveSync Policy Engine](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). When password length and complexity rules are applied, all the local user and administrator accounts are marked to change their password at the next sign in to ensure complexity requirements are met. For more information, see [Password length and complexity supported by account types](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)#password-length-and-complexity-supported-by-account-types).
**DeviceLock/AllowIdleReturnWithoutPassword**
@@ -84,6 +82,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -131,6 +130,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -154,7 +154,6 @@ Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For th
> [!NOTE]
> This policy must be wrapped in an Atomic command.
-
For more information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
@@ -178,6 +177,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -219,6 +219,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -273,6 +274,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -355,6 +357,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -405,6 +408,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -455,6 +459,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -495,6 +500,7 @@ Value type is a string, which is the full image filepath and filename.
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -549,6 +555,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -599,6 +606,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -672,6 +680,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -748,6 +757,7 @@ The following example shows how to set the minimum password length to 4 characte
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -792,6 +802,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -810,7 +821,7 @@ GP Info:
-Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen.
+Disables the lock screen camera toggle-switch in PC Settings and prevents a camera from being invoked on the lock screen.
By default, users can enable invocation of an available camera on the lock screen.
@@ -845,6 +856,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -863,7 +875,7 @@ ADMX Info:
-Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen.
+Disables the lock screen slideshow settings in PC Settings and prevents a slide show from playing on the lock screen.
By default, users can enable a slide show that will run after they lock the machine.
@@ -892,3 +904,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index f3f60dd44f..25318d988f 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - Display
-
-
@@ -51,6 +49,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -94,6 +93,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -157,6 +157,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -200,6 +201,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -226,7 +228,7 @@ If you enable this policy setting, GDI DPI Scaling is turned off for all applica
If you disable or don't configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications.
-If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
+If GDI DPI Scaling is configured to both turn-off and turn-on an application, the application will be turned off.
@@ -258,6 +260,7 @@ To validate on Desktop, do the following tasks:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -284,7 +287,7 @@ If you enable this policy setting, GDI DPI Scaling is turned on for all legacy a
If you disable or don't configure this policy setting, GDI DPI Scaling won't be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.
-If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
+If GDI DPI Scaling is configured to both turn-off and turn-on an application, the application will be turned off.
@@ -299,8 +302,8 @@ ADMX Info:
To validate on Desktop, do the following tasks:
-1. Configure the setting for an app, which uses GDI.
-2. Run the app and observe crisp text.
+1. Configure the setting for an app, which uses GDI.
+2. Run the app and observe crisp text.
@@ -310,3 +313,6 @@ To validate on Desktop, do the following tasks:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
index 1258127e5e..648380d02b 100644
--- a/windows/client-management/mdm/policy-csp-dmaguard.md
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - DmaGuard
-
@@ -38,6 +37,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -56,20 +56,20 @@ manager: dansimp
-This policy is intended to provide more security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices incompatible with [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers)/device memory isolation and sandboxing.
+This policy is intended to provide more security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices that are incompatible with [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers), device memory isolation and sandboxing.
-Device memory sandboxing allows the OS to use the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access, by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it.
+Device memory sandboxing allows the OS to use the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it.
This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that can't be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, check the Kernel DMA Protection field in the Summary page of MSINFO32.exe.
> [!NOTE]
> This policy does not apply to 1394/Firewire, PCMCIA, CardBus, or ExpressCard devices.
-Supported values:
+The following are the supported values:
0 - Block all (Most restrictive): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will never be allowed to start and perform DMA at any time.
-1 - Only after log in/screen unlock (Default): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will only be enumerated after the user unlocks the screen
+1 - Only after log in/screen unlock (Default): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will only be enumerated after the user unlocks the screen.
2 - Allow all (Least restrictive): All external DMA capable PCIe devices will be enumerated at any time
@@ -94,6 +94,8 @@ ADMX Info:
+
+## Related topics
-
\ No newline at end of file
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-eap.md b/windows/client-management/mdm/policy-csp-eap.md
index 4a50535a07..94c84c45ca 100644
--- a/windows/client-management/mdm/policy-csp-eap.md
+++ b/windows/client-management/mdm/policy-csp-eap.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - EAP
-
@@ -38,6 +37,7 @@ manager: dansimp
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -56,7 +56,7 @@ manager: dansimp
-This policy setting is added in Windows 10, version 21H1. Allow or disallow use of TLS 1.3 during EAP client authentication.
+Added in Windows 10, version 21H1. This policy setting allows or disallows use of TLS 1.3 during EAP client authentication.
@@ -69,8 +69,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Use of TLS version 1.3 is not allowed for authentication.
+- 0 – Use of TLS version 1.3 is not allowed for authentication.
- 1 (default) – Use of TLS version 1.3 is allowed for authentication.
@@ -81,3 +81,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index f846573eda..edab7bcabf 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - Education
-
@@ -35,7 +34,6 @@ manager: dansimp
-
@@ -47,11 +45,11 @@ manager: dansimp
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-
@@ -65,7 +63,7 @@ manager: dansimp
-This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality won't be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you'll be able to access graphing functionality.
+This policy setting allows you to control, whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality won't be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you'll be able to access graphing functionality.
ADMX Info:
@@ -93,11 +91,11 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-
@@ -129,6 +127,7 @@ The policy value is expected to be the name (network host name) of an installed
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -178,11 +177,11 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-
@@ -205,6 +204,8 @@ The policy value is expected to be a `````` separated list of printer na
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index fb0a5f37eb..df2804c31e 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - EnterpriseCloudPrint
-
-
@@ -42,7 +40,6 @@ manager: dansimp
-
@@ -54,6 +51,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,11 +69,11 @@ manager: dansimp
-Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails.
+Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails.
-The datatype is a string.
+Supported datatype is string.
-The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs".
+The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, ```https://azuretenant.contoso.com/adfs```.
@@ -91,6 +89,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -110,7 +109,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails.
-The datatype is a string.
+Supported datatype is string.
The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714".
@@ -128,6 +127,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -147,7 +147,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID
Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails.
-The datatype is a string.
+Supported datatype is string.
The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint".
@@ -165,6 +165,7 @@ The default value is an empty string. Otherwise, the value should contain a URL.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -184,9 +185,9 @@ The default value is an empty string. Otherwise, the value should contain a URL.
Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails.
-The datatype is a string.
+Supported datatype is string.
-The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com".
+The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, ```https://cloudprinterdiscovery.contoso.com```.
@@ -202,6 +203,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -221,7 +223,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails.
-The datatype is an integer.
+Supported datatype is integer.
@@ -237,6 +239,7 @@ The datatype is an integer.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -256,9 +259,9 @@ The datatype is an integer.
Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails.
-The datatype is a string.
+Supported datatype is string.
-The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint".
+The default value is an empty string. Otherwise, the value should contain a URL. For example, ```http://MopriaDiscoveryService/CloudPrint```.
@@ -267,3 +270,6 @@ The default value is an empty string. Otherwise, the value should contain a URL.
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index 37d4c94e64..720f5cae3c 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -15,11 +15,11 @@ manager: dansimp
# Policy CSP - ErrorReporting
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -44,7 +44,6 @@ manager: dansimp
-
@@ -56,6 +55,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -83,7 +83,7 @@ If you enable this policy setting, you can add specific event types to a list by
- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any extra data requested by Microsoft.
-- 3 (Send parameters and safe extra data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent to send any extra data requested by Microsoft.
+- 3 (Send parameters and safe extra data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent, to send any extra data requested by Microsoft.
- 4 (Send all data): Any data requested by Microsoft is sent automatically.
@@ -112,6 +112,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -129,7 +130,7 @@ ADMX Info:
-This policy setting turns off Windows Error Reporting, so that reports aren't collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
+This policy setting turns off Windows Error Reporting, so that reports aren't collected or sent to either Microsoft or internal servers within your organization, when software unexpectedly stops working or fails.
If you enable this policy setting, Windows Error Reporting doesn't send any problem information to Microsoft. Additionally, solution information isn't available in Security and Maintenance in Control Panel.
@@ -158,6 +159,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -175,7 +177,7 @@ ADMX Info:
-This policy setting controls whether users are shown an error dialog box that lets them report an error.
+This policy setting controls, whether users are shown an error dialog box that lets them report an error.
If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error.
@@ -208,6 +210,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,7 +228,7 @@ ADMX Info:
-This policy setting controls whether extra data in support of error reports can be sent to Microsoft automatically.
+This policy setting controls, whether extra data in support of error reports can be sent to Microsoft automatically.
If you enable this policy setting, any extra data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.
@@ -254,6 +257,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -293,3 +297,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index ced6ab68a9..1616de5ece 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - EventLogService
-
-
@@ -36,7 +34,6 @@ manager: dansimp
-
@@ -48,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -65,13 +63,14 @@ manager: dansimp
-This policy setting controls Event Log behavior when the log file reaches its maximum size.
+This policy setting controls Event Log behavior, when the log file reaches its maximum size.
If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost.
If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
-Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
+> [!NOTE]
+> Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
@@ -96,6 +95,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -117,7 +117,7 @@ This policy setting specifies the maximum size of the log file in kilobytes.
If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments.
-If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes.
@@ -142,6 +142,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -163,7 +164,7 @@ This policy setting specifies the maximum size of the log file in kilobytes.
If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments.
-If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes.
@@ -188,6 +189,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -209,7 +211,7 @@ This policy setting specifies the maximum size of the log file in kilobytes.
If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments.
-If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes.
@@ -227,3 +229,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index b115b5df8c..ae3ff0f9a6 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - Experience
-
-
@@ -99,7 +97,6 @@ manager: dansimp
-
@@ -111,6 +108,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,7 +128,7 @@ manager: dansimp
Allows history of clipboard items to be stored in memory.
-Value type is integer. Supported values:
+Supported value type is integer. Supported values are:
- 0 - Not allowed
- 1 - Allowed (default)
@@ -172,6 +170,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -205,8 +204,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -222,6 +221,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,8 +249,8 @@ Most restricted value is 0.
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -266,6 +266,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -287,7 +288,7 @@ This policy turns on Find My Device.
When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. In Windows 10, version 1709 devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer.
-When Find My Device is off, the device and its location aren't registered and the Find My Device feature won't work. In Windows 10, version 1709 the user won't be able to view the location of the last use of their active digitizer on their device.
+When Find My Device is off, the device and its location aren't registered, and the Find My Device feature won't work. In Windows 10, version 1709 the user won't be able to view the location of the last use of their active digitizer on their device.
@@ -301,8 +302,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -318,6 +319,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -335,20 +337,19 @@ The following list shows the supported values:
-Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (for example, auto-enrolled), then disabling the MDM unenrollment has no effect.
+Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory-joined and MDM enrolled (for example, auto-enrolled), then disabling the MDM unenrollment has no effect.
> [!NOTE]
> The MDM server can always remotely delete the account.
-
Most restricted value is 0.
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -377,6 +378,7 @@ This policy is deprecated.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -423,6 +425,7 @@ This policy is deprecated.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -459,6 +462,7 @@ Describes what values are supported in by this policy and meaning of each value
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -499,6 +503,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -522,7 +527,7 @@ This policy allows you to prevent Windows from using diagnostic data to provide
Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value.
> [!NOTE]
-> This setting doesn't control Cortana cutomized experiences because there are separate policies to configure it.
+> This setting doesn't control Cortana customized experiences because there are separate policies to configure it.
Most restricted value is 0.
@@ -538,8 +543,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -555,6 +560,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -575,7 +581,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
-
Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services.
@@ -607,6 +612,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -627,7 +633,6 @@ The following list shows the supported values:
> [!NOTE]
> Prior to Windows 10, version 1803, this policy had User scope.
-
This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.
Most restricted value is 0.
@@ -644,8 +649,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 – Allowed.
+- 0 – Not allowed
+- 1 – Allowed
@@ -661,6 +666,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -681,8 +687,7 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
-
-Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or don't configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings.
+Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features, and other related features will be turned off. You should enable this policy setting, if your goal is to minimize network traffic from target devices. If you disable or don't configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings.
Most restricted value is 0.
@@ -698,8 +703,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -715,6 +720,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -749,8 +755,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -766,6 +772,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -801,8 +808,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 - Not allowed.
-- 1 - Allowed.
+- 0 - Not allowed
+- 1 - Allowed
@@ -818,6 +825,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -836,7 +844,7 @@ The following list shows the supported values:
-This policy setting lets you turn off the Windows spotlight Windows welcome experience feature.
+This policy setting lets you turn off the Windows spotlight, and Windows welcome experience feature.
The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. If you disable or don't configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested.
Most restricted value is 0.
@@ -853,8 +861,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -870,6 +878,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -901,8 +910,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Disabled.
-- 1 (default) – Enabled.
+- 0 – Disabled
+- 1 (default) – Enabled
@@ -918,6 +927,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|Yes|
|Pro|No|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|No|Yes|
|Education|No|Yes|
@@ -937,7 +947,7 @@ This policy setting allows you to configure the Chat icon on the taskbar.
-The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not enabled.
+The values for this policy are 0, 1, 2, and 3. This policy defaults to 0, if not enabled.
- 0 - Not Configured: The Chat icon will be configured according to the defaults for your Windows edition.
- 1 - Show: The Chat icon will be displayed on the taskbar by default. Users can show or hide it in Settings.
@@ -961,6 +971,7 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -979,10 +990,9 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not
> [!NOTE]
-> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
+> This policy is only available for Windows 10 Enterprise, and Windows 10 Education.
-
-Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization doesn't have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1.
+Allows IT admins to specify, whether spotlight should be used on the user's lock screen. If your organization doesn't have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1.
@@ -1012,6 +1022,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1047,8 +1058,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Disabled.
-- 1 – Enabled.
+- 0 (default) – Disabled
+- 1 – Enabled
@@ -1064,6 +1075,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1116,6 +1128,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1153,7 +1166,6 @@ Supported values:
- 0 (default) - Allowed/turned on. The "browser" group synchronizes automatically between users' devices and lets users make changes.
- 2 - Prevented/turned off. The "browser" group doesn't use the _Sync your Settings_ option.
-
_**Sync the browser settings automatically**_
Set both **DoNotSyncBrowserSettings** and **PreventUsersFromTurningOnBrowserSyncing** to 0 (Allowed/turned on).
@@ -1190,6 +1202,7 @@ _**Turn syncing off by default but don’t disable**_
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1251,7 +1264,7 @@ _**Prevent syncing of browser settings and let users turn on syncing**_
Validation procedure:
1. Select **More > Settings**.
-1. See if the setting is enabled or disabled based on your selection.
+1. See, if the setting is enabled or disabled based on your selection.
@@ -1267,6 +1280,7 @@ Validation procedure:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1291,7 +1305,7 @@ If you enable this policy setting, the lock option is shown in the User Tile men
If you disable this policy setting, the lock option is never shown in the User Tile menu.
-If you don't configure this policy setting, the lock option is shown in the User Tile menu. Users can choose if they want to show the lock in the user tile menu from the Power Options control panel.
+If you don't configure this policy setting, the lock option is shown in the User Tile menu. Users can choose, if they want to show the lock in the user tile menu from the Power Options control panel.
@@ -1317,5 +1331,8 @@ Supported values:
-
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index 549a130038..80582e1ec2 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - ExploitGuard
-
-
@@ -27,7 +25,6 @@ manager: dansimp
-
@@ -39,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -101,4 +99,8 @@ Here is an example:
-
\ No newline at end of file
+
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md
index b6ae2e95c6..f8a8f5eea5 100644
--- a/windows/client-management/mdm/policy-csp-feeds.md
+++ b/windows/client-management/mdm/policy-csp-feeds.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - Feeds
-
@@ -26,7 +25,6 @@ manager: dansimp
-
@@ -38,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -55,7 +54,7 @@ manager: dansimp
-This policy setting specifies whether news and interests is allowed on the device.
+This policy setting specifies, whether news and interests is allowed on the device.
The values for this policy are 1 and 0. This policy defaults to 1.
@@ -77,3 +76,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index 3599a3ce1a..b46e93af9c 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -15,11 +15,11 @@ manager: dansimp
# Policy CSP - FileExplorer
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -28,14 +28,129 @@ manager: dansimp
## FileExplorer policies
+
+
+
+**FileExplorer/AllowOptionToShowNetwork**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+
+This policy allows the user with an option to show the network folder when restricted.
+
+
+
+
+The following list shows the supported values:
+
+- 0 - Disabled
+- 1 (default) - Enabled
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Allow the user the option to show Network folder when restricted*
+- GP name: *AllowOptionToShowNetwork*
+- GP path: *File Explorer*
+- GP ADMX file name: *Explorer.admx*
+
+
+
+
+
+
+
+**FileExplorer/AllowOptionToShowThisPC**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+This policy allows the user with an option to show this PC location when restricted.
+
+
+
+
+The following list shows the supported values:
+
+- 0 - Disabled
+- 1 (default) - Enabled
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Allow the user the option to show Network folder when restricted*
+- GP name: *AllowOptionToShowThisPC*
+- GP path: *File Explorer*
+- GP ADMX file name: *Explorer.admx*
+
+
+
@@ -48,6 +163,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -90,6 +206,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -109,6 +226,8 @@ ADMX Info:
Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later.
+
+
ADMX Info:
- GP Friendly name: *Turn off heap termination on corruption*
@@ -120,5 +239,120 @@ ADMX Info:
+
+**FileExplorer/SetAllowedFolderLocations**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+
+This policy configures the folders that the user can enumerate and access in the File Explorer.
+
+
+
+
+The following list shows the supported values:
+
+- 0: All folders
+- 15:Desktop, Documents, Pictures, and Downloads
+- 31:Desktop, Documents, Pictures, Downloads, and Network
+- 47:This PC (local drive), [Desktop, Documents, Pictures], and Downloads
+- 63:This PC, [Desktop, Documents, Pictures], Downloads, and Network
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Configure which folders the user can enumerate and access to in File Explorer*
+- GP name: *SetAllowedFolderLocations*
+- GP path: *File Explorer*
+- GP ADMX file name: *Explorer.admx*
+
+
+
+
+
+
+
+**FileExplorer/SetAllowedStorageLocations**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+
+This policy configures the folders that the user can enumerate and access in the File Explorer.
+
+
+
+
+The following list shows the supported values:
+
+- 0: all storage locations
+- 1: Removable Drives
+- 2: Sync roots
+- 3: Removable Drives, Sync roots, local drive
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Configure which folders the user can enumerate and access to in File Explorer*
+- GP name: *SetAllowedStorageLocations*
+- GP path: *File Explorer*
+- GP ADMX file name: *Explorer.admx*
+
+
+
+
+
+
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index 8f26e60ff4..e6fde52f63 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - Games
-
-
@@ -27,7 +25,6 @@ manager: dansimp
-
@@ -39,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -56,7 +54,9 @@ manager: dansimp
-Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer.
+Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services.
+
+Supported value type is integer.
@@ -72,3 +72,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index c2b205ad92..8602af165b 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - Handwriting
-
-
@@ -27,7 +25,6 @@ manager: dansimp
-
@@ -39,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,9 +58,9 @@ This policy allows an enterprise to configure the default mode for the handwriti
The handwriting panel has two modes - floats near the text box, or docked to the bottom of the screen. The default configuration is the one floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen.
-In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and doesn't require any user interaction.
+In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel, to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and doesn't require any user interaction.
-The docked mode is especially useful in Kiosk mode where you don't expect the end-user to drag the flying-in panel out of the way.
+The docked mode is especially useful in Kiosk mode, where you don't expect the end-user to drag the flying-in panel out of the way.
@@ -85,3 +83,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md
index 9ce283864c..8b672ccbbf 100644
--- a/windows/client-management/mdm/policy-csp-humanpresence.md
+++ b/windows/client-management/mdm/policy-csp-humanpresence.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - HumanPresence
-
-
@@ -33,7 +31,6 @@ manager: dansimp
-
@@ -45,6 +42,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|Yes|
|Education|No|Yes|
@@ -62,7 +60,7 @@ manager: dansimp
-This policy specifies whether the device can lock when a human presence sensor detects a human.
+This policy specifies, whether the device can lock when a human presence sensor detects a human.
@@ -79,7 +77,7 @@ The following list shows the supported values:
- 2 = ForcedOff
- 1 = ForcedOn
- 0 = DefaultToUserChoice
-- Defaults to 0.
+- Defaults to 0
@@ -94,6 +92,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|Yes|
|Education|No|Yes|
@@ -111,7 +110,7 @@ The following list shows the supported values:
-This policy specifies whether the device can lock when a human presence sensor detects a human.
+This policy specifies, whether the device can lock when a human presence sensor detects a human.
@@ -128,7 +127,7 @@ The following list shows the supported values:
- 2 = ForcedOff
- 1 = ForcedOn
- 0 = DefaultToUserChoice
-- Defaults to 0.
+- Defaults to 0
@@ -143,6 +142,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|Yes|
|Education|No|Yes|
@@ -160,7 +160,7 @@ The following list shows the supported values:
-This policy specifies at what distance the sensor wakes up when it sees a human in seconds.
+This policy specifies, at what distance the sensor wakes up when it sees a human in seconds.
@@ -172,7 +172,7 @@ ADMX Info:
-Integer value that specifies whether the device can lock when a human presence sensor detects a human.
+Integer value that specifies, whether the device can lock when a human presence sensor detects a human.
The following list shows the supported values:
@@ -188,3 +188,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index a4b2b54bee..1f621319a6 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -13,8 +13,6 @@ manager: dansimp
# Policy CSP - InternetExplorer
-
-
@@ -803,11 +801,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -820,6 +818,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -840,9 +839,12 @@ manager: dansimp
This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website.
-If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
+If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]).
-If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration.
+> [!NOTE]
+> This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
+
+If you disable or do not configure this policy setting, the user can configure their list of search providers, unless another policy setting restricts such configuration.
@@ -867,6 +869,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -885,7 +888,7 @@ ADMX Info:
-This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.
+This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites, so that ActiveX controls can run properly.
If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions.
@@ -914,6 +917,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -938,11 +942,11 @@ This list can be used with the 'Deny all add-ons unless specifically allowed in
If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information:
-Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, ‘{000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.
+- Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, ‘{000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.
-Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field.
+- Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied, enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field.
-If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.
+If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will determine, whether add-ons not in this list are assumed to be denied.
@@ -967,6 +971,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -988,7 +993,7 @@ This AutoComplete feature can remember and suggest User names and passwords on F
If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords".
-If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords.
+If you disable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords.
If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.
@@ -1015,6 +1020,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1033,7 +1039,7 @@ ADMX Info:
-This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks.
+This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned, when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks.
If you enable this policy setting, the certificate address mismatch warning always appears.
@@ -1062,6 +1068,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1113,6 +1120,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1162,6 +1170,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1180,7 +1189,7 @@ ADMX Info:
-This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user's keystrokes are sent to Microsoft through Microsoft services.
+This policy setting allows Internet Explorer to provide enhanced suggestions, as the user types in the Address bar. To provide enhanced suggestions, the user's keystrokes are sent to Microsoft through Microsoft services.
If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users cannot change the Suggestions setting on the Settings charm.
@@ -1222,6 +1231,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1240,7 +1250,7 @@ Supported values:
-This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu.
+This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode, using the Tools menu.
If you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports.
@@ -1269,6 +1279,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1316,6 +1327,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1333,7 +1345,7 @@ ADMX Info:
-This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails.
+This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below, when TLS 1.0 or greater fails.
We recommend that you do not allow insecure fallback in order to prevent a man-in-the-middle attack.
@@ -1364,6 +1376,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1411,6 +1424,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1429,7 +1443,7 @@ ADMX Info:
-This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.
+This policy setting controls, how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.
If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box.
@@ -1460,6 +1474,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1478,7 +1493,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1486,9 +1501,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1513,6 +1530,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1531,7 +1549,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone, consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1539,9 +1557,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1566,6 +1586,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1584,7 +1605,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1592,9 +1613,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1619,6 +1642,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1637,7 +1661,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1645,9 +1669,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1672,6 +1698,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1690,7 +1717,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1698,9 +1725,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1725,6 +1754,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1743,7 +1773,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1751,9 +1781,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1778,6 +1810,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1796,7 +1829,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1804,9 +1837,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1831,6 +1866,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1878,6 +1914,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1936,6 +1973,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1956,13 +1994,19 @@ ADMX Info:
This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.
-Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Medium template), Intranet zone (Medium-Low template), Internet zone (Medium-high template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)
+Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are:
+1. Intranet zone
+1. Trusted Sites zone
+1. Internet zone
+1. Restricted Sites zone
-If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information:
+Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Medium template), Intranet zone (Medium-Low template), Internet zone (Medium-high template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)
-Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter `` as the valuename, other protocols are not affected. If you enter just `www.contoso.com,` then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for `www.contoso.com` and `www.contoso.com/mail` would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
+If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information:
-Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.
+- Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter `` as the valuename, other protocols are not affected. If you enter just `www.contoso.com,` then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for `www.contoso.com` and `www.contoso.com/mail` would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
+
+- Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.
If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
@@ -2019,6 +2063,7 @@ Value and index pairs in the SyncML example:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2068,6 +2113,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2086,7 +2132,7 @@ ADMX Info:
-This policy setting controls the Suggested Sites feature, which recommends websites based on the user’s browsing activity. Suggested Sites reports a user’s browsing history to Microsoft to suggest sites that the user might want to visit.
+This policy setting controls the Suggested Sites feature, which recommends websites based on the user’s browsing activity. Suggested Sites reports a user’s browsing history to Microsoft, to suggest sites that the user might want to visit.
If you enable this policy setting, the user is not prompted to enable Suggested Sites. The user’s browsing history is sent to Microsoft to produce suggestions.
@@ -2117,6 +2163,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2135,7 +2182,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -2143,9 +2190,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -2170,6 +2219,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2188,7 +2238,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -2196,9 +2246,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -2223,6 +2275,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2241,7 +2294,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -2249,9 +2302,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -2276,6 +2331,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2325,6 +2381,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2343,7 +2400,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.
+This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software, and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.
If you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.
@@ -2373,6 +2430,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2396,21 +2454,21 @@ Enables you to configure up to three versions of Microsoft Edge to open a redire
If both the Windows Update for the next version of Microsoft Edge* and Microsoft Edge Stable channel are installed, the following behaviors occur:
- If you enable this policy, you can configure redirected sites to open in up to three of the following channels where:
- 1 = Microsoft Edge Stable
- 2 = Microsoft Edge Beta version 77 or later
- 3 = Microsoft Edge Dev version 77 or later
- 4 = Microsoft Edge Canary version 77 or later
+ - 1 = Microsoft Edge Stable
+ - 2 = Microsoft Edge Beta version 77 or later
+ - 3 = Microsoft Edge Dev version 77 or later
+ - 4 = Microsoft Edge Canary version 77 or later
- If you disable or do not configure this policy, Microsoft Edge Stable channel is used. This is the default behavior.
If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge Stable channel are not installed, the following behaviors occur:
- If you enable this policy, you can configure redirected sites to open in up to three of the following channels where:
- 0 = Microsoft Edge version 45 or earlier
- 1 = Microsoft Edge Stable
- 2 = Microsoft Edge Beta version 77 or later
- 3 = Microsoft Edge Dev version 77 or later
- 4 = Microsoft Edge Canary version 77 or later
+ - 0 = Microsoft Edge version 45 or earlier
+ - 1 = Microsoft Edge Stable
+ - 2 = Microsoft Edge Beta version 77 or later
+ - 3 = Microsoft Edge Dev version 77 or later
+ - 4 = Microsoft Edge Canary version 77 or later
- If you disable or do not configure this policy, Microsoft Edge version 45 or earlier is automatically used. This is the default behavior.
@@ -2642,6 +2700,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2662,7 +2721,7 @@ ADMX Info:
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.
-This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.
+This policy setting determines, whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain, but the MIME sniff indicates that the file is really an executable file, then Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.
If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files.
@@ -2693,6 +2752,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2713,7 +2773,7 @@ ADMX Info:
This setting determines whether IE automatically downloads updated versions of Microsoft’s VersionList.XML. IE uses this file to determine whether an ActiveX control should be stopped from loading.
> [!Caution]
-> If you enable this setting, IE stops downloading updated versions of VersionList.XML. Turning off this automatic download breaks the [out-of-date ActiveX control blocking feature](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) by not letting the version list update with newly outdated controls, potentially compromising the security of your computer.
+> If you enable this setting, IE stops downloading updated versions of VersionList.XML. Turning off this automatic download, breaks the [out-of-date ActiveX control blocking feature](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) by not letting the version list update with newly outdated controls, potentially compromising the security of your computer.
If you disable or do not configure this setting, IE continues to download updated versions of VersionList.XML.
@@ -2751,6 +2811,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2800,6 +2861,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2847,6 +2909,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2894,6 +2957,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2952,6 +3016,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2970,7 +3035,10 @@ Supported values:
-This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Temporary Internet Files and History Settings dialog box, from the Menu bar, on the Tools menu, click Internet Options, click the General tab, and then click Settings under Browsing history.
+This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Temporary Internet Files and History Settings dialog box, do the following:
+
+1. From the Menu bar, on the Tools menu, click Internet Options.
+1. Click the General tab, and then click Settings under Browsing history.
If you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users can not delete browsing history.
@@ -2999,6 +3067,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3046,6 +3115,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3095,6 +3165,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3146,6 +3217,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3193,6 +3265,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3217,7 +3290,8 @@ If you enable this policy setting, the browser negotiates or does not negotiate
If you disable or do not configure this policy setting, the user can select which encryption method the browser supports.
-Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
+> [!NOTE]
+> SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
@@ -3242,6 +3316,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3300,6 +3375,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3318,7 +3394,7 @@ Supported values:
-This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.
+This policy setting prevents Internet Explorer from running the First Run wizard, the first time a user starts the browser after installing Internet Explorer or Windows.
If you enable this policy setting, you must make one of the following choices:
- Skip the First Run wizard, and go directly to the user's home page.
@@ -3326,7 +3402,7 @@ If you enable this policy setting, you must make one of the following choices:
Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option is chosen.
-If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation.
+If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard, the first time the browser is started after installation.
@@ -3351,6 +3427,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3402,6 +3479,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3462,6 +3540,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3506,6 +3585,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3578,6 +3658,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3625,6 +3706,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3676,6 +3758,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3694,13 +3777,14 @@ ADMX Info:
-This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.
+This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility), when running in Enhanced Protected Mode on 64-bit versions of Windows.
-Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.
+> [!IMPORTANT]
+> Some ActiveX controls and toolbars may not be available when 64-bit processes are used.
-If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
+If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows.
-If you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
+If you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows.
If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default.
@@ -3727,6 +3811,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3774,6 +3859,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3821,6 +3907,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3845,7 +3932,8 @@ If you enable this policy setting, you can specify which default home pages shou
If you disable or do not configure this policy setting, the user can add secondary home pages.
-Note: If the “Disable Changing Home Page Settings” policy is enabled, the user cannot add secondary home pages.
+> [!NOTE]
+> If the “Disable Changing Home Page Settings” policy is enabled, the user cannot add secondary home pages.
@@ -3870,6 +3958,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3917,6 +4006,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3936,7 +4026,7 @@ ADMX Info:
Prevents Internet Explorer from checking whether a new version of the browser is available.
-If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available.
+If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifies users if a new version is available.
If you disable this policy or do not configure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available.
@@ -3965,6 +4055,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4025,6 +4116,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4076,6 +4168,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4101,7 +4194,8 @@ If you disable this policy or do not configure it, users can add Web sites to or
This policy prevents users from changing site management settings for security zones established by the administrator.
-Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored.
+> [!NOTE]
+> The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored.
Also, see the "Security zones: Use only machine settings" policy.
@@ -4128,6 +4222,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4153,7 +4248,8 @@ If you disable this policy or do not configure it, users can change the settings
This policy prevents users from changing security zone settings established by the administrator.
-Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
+> [!NOTE]
+> The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
Also, see the "Security zones: Use only machine settings" policy.
@@ -4180,6 +4276,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4229,6 +4326,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4251,9 +4349,9 @@ This policy setting allows you to manage a list of domains on which Internet Exp
If you enable this policy setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following:
-1. "domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com"
-2. "hostname". For example, if you want to include http://example, use "example"
-3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm"
+1. "domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com".
+2. "hostname". For example, if you want to include http://example, use "example".
+3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm".
If you disable or don't configure this policy setting, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone.
@@ -4282,6 +4380,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4310,8 +4409,8 @@ This policy setting lets admins enable extended Microsoft Edge Internet Explorer
The following list shows the supported values:
-- 0 (default) - Disabled.
-- 1 - Enabled.
+- 0 (default) - Disabled
+- 1 - Enabled
@@ -4334,6 +4433,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4352,11 +4452,11 @@ ADMX Info:
-This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.
+This policy setting controls, whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.
If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone.
-If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone).
+If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered in the Intranet Zone (so would typically be in the Internet Zone).
If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone.
@@ -4383,6 +4483,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4401,7 +4502,7 @@ ADMX Info:
-This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.
+This policy setting controls, whether URLs representing UNCs are mapped into the local Intranet security zone.
If you enable this policy setting, all network paths are mapped into the Intranet Zone.
@@ -4432,6 +4533,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4450,7 +4552,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -4481,6 +4583,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4499,7 +4602,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -4530,6 +4633,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4548,7 +4652,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -4577,6 +4681,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4595,11 +4700,11 @@ ADMX Info:
-This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
+This policy setting allows you to manage, whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard operation.
-If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.
+If you select Prompt in the drop-down box, users are queried, whether to perform clipboard operations.
If you disable this policy setting, a script cannot perform a clipboard operation.
@@ -4628,6 +4733,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4646,7 +4752,7 @@ ADMX Info:
-This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.
+This policy setting allows you to manage, whether users can drag files or copy and paste files from a source within the zone.
If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.
@@ -4677,6 +4783,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4695,7 +4802,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -4726,6 +4833,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4744,11 +4852,11 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
@@ -4775,6 +4883,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4824,6 +4933,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4842,9 +4952,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -4873,6 +4983,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4891,7 +5002,7 @@ ADMX Info:
-This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.
+This policy setting controls, whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.
If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.
@@ -4920,6 +5031,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4938,7 +5050,7 @@ ADMX Info:
-This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.
+This policy setting controls, whether or not the user is allowed to run the TDC ActiveX control on websites.
If you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.
@@ -4967,6 +5079,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5016,6 +5129,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5034,7 +5148,7 @@ ADMX Info:
-This policy setting determines whether a page can control embedded WebBrowser controls via script.
+This policy setting determines, whether a page can control embedded WebBrowser controls via script.
If you enable this policy setting, script access to the WebBrowser control is allowed.
@@ -5065,6 +5179,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5083,7 +5198,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -5114,6 +5229,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5132,7 +5248,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -5140,7 +5256,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -5165,6 +5282,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5183,7 +5301,7 @@ ADMX Info:
-This policy setting allows you to manage whether script is allowed to update the status bar within the zone.
+This policy setting allows you to manage, whether script is allowed to update the status bar within the zone.
If you enable this policy setting, script is allowed to update the status bar.
@@ -5212,6 +5330,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5230,7 +5349,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -5261,6 +5380,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5279,7 +5399,7 @@ ADMX Info:
-This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.
+This policy setting allows you to manage, whether VBScript can be run on pages from the specified zone in Internet Explorer.
If you selected Enable in the drop-down box, VBScript can run without user intervention.
@@ -5312,6 +5432,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5332,11 +5453,11 @@ ADMX Info:
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
-If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
+If you don't configure this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
@@ -5361,6 +5482,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5379,13 +5501,13 @@ ADMX Info:
-This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.
+This policy setting allows you to manage, whether users may download signed ActiveX controls from a page in the zone.
If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
If you disable the policy setting, signed controls cannot be downloaded.
-If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
+If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
@@ -5410,6 +5532,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5428,7 +5551,7 @@ ADMX Info:
-This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
+This policy setting allows you to manage, whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.
@@ -5459,6 +5582,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5506,6 +5630,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5524,15 +5649,15 @@ ADMX Info:
-This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.
+This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in different windows.
-If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting.
-If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when both the source and destination are in different windows. Users cannot change this setting.
-In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.
-In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
+In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting.
@@ -5557,6 +5682,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5575,15 +5701,15 @@ ADMX Info:
-This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.
+This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in the same window.
-If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting.
-If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
-In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
-In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
+In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
@@ -5608,6 +5734,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5657,6 +5784,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5675,7 +5803,7 @@ ADMX Info:
-This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.
+This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities, by reducing the locations that Internet Explorer can write to in the registry and the file system.
If you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.
@@ -5706,6 +5834,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5724,7 +5853,7 @@ ADMX Info:
-This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.
+This policy setting controls whether or not local path information is sent, when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.
If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.
@@ -5755,6 +5884,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5805,7 +5935,8 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
-|Business|||
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5828,6 +5959,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5852,7 +5984,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -5883,6 +6015,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5901,9 +6034,9 @@ ADMX Info:
-This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
+This policy setting allows you to manage, whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
-If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
+If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone, without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.
@@ -5932,6 +6065,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5954,11 +6088,11 @@ This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following logon options.
-Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.
+Anonymous logon to disable HTTP authentication, and use the guest account only for the Common Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.
-Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.
+Automatic logon, only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.
Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.
@@ -5989,6 +6123,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6007,13 +6142,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -6038,6 +6173,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6056,9 +6192,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.
+If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute signed managed components.
If you disable this policy setting, Internet Explorer will not execute signed managed components.
@@ -6087,6 +6223,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6105,7 +6242,7 @@ ADMX Info:
-This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).
+This policy setting controls, whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).
If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.
@@ -6136,6 +6273,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6154,7 +6292,7 @@ ADMX Info:
-This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.
+This policy setting allows you to manage, whether unwanted pop-up windows appear. Pop-up windows that are opened, when the end user clicks a link are not blocked.
If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.
@@ -6185,6 +6323,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6203,13 +6342,13 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+If you do not configure this policy setting, users are queried to choose, whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -6234,6 +6373,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6252,7 +6392,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -6283,6 +6423,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6301,7 +6442,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -6330,6 +6471,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6348,7 +6490,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -6379,6 +6521,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6397,11 +6540,11 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
@@ -6428,6 +6571,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6446,9 +6590,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag, and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -6477,6 +6621,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6495,7 +6640,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -6526,6 +6671,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6544,7 +6690,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -6552,7 +6698,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -6577,6 +6724,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6595,7 +6743,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -6626,6 +6774,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6644,13 +6793,13 @@ ADMX Info:
-This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
-If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
+If you don't configure this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
@@ -6675,6 +6824,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6726,6 +6876,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6750,7 +6901,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -6781,6 +6932,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6799,13 +6951,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -6830,6 +6982,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6851,7 +7004,7 @@ ADMX Info:
This policy setting prevents intranet sites from being opened in any browser except Internet Explorer.
> [!NOTE]
-> If the [InternetExplorer/SendSitesNotInEnterpriseSiteListToEdg](#internetexplorer-policies)e policy is not enabled, then this policy has no effect.
+> If the [InternetExplorer/SendSitesNotInEnterpriseSiteListToEdge](#internetexplorer-policies) policy is not enabled, then this policy has no effect.
If you enable this policy, all intranet sites are opened in Internet Explorer 11. The only exceptions are sites listed in your Enterprise Mode Site List.
If you disable or do not configure this policy, all intranet sites are automatically opened in Microsoft Edge.
@@ -6905,6 +7058,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6923,7 +7077,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -6954,6 +7108,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6972,7 +7127,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -7003,6 +7158,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7021,7 +7177,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -7050,6 +7206,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7068,7 +7225,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -7099,6 +7256,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7117,13 +7275,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be in this zone, as set by Protection from Zone Elevation feature control.
@@ -7148,6 +7306,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7166,9 +7325,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -7197,6 +7356,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7215,7 +7375,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -7246,6 +7406,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7264,7 +7425,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -7272,7 +7433,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -7297,6 +7459,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7315,7 +7478,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -7346,6 +7509,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7364,13 +7528,13 @@ ADMX Info:
-This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
-If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
+If you don't configure this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
@@ -7395,6 +7559,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7446,6 +7611,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7470,7 +7636,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -7501,6 +7667,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7519,13 +7686,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -7550,6 +7717,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7568,7 +7736,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -7599,6 +7767,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7617,7 +7786,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -7648,6 +7817,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7666,7 +7836,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -7695,6 +7865,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7713,7 +7884,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -7744,6 +7915,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7762,13 +7934,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be in this zone, as set by Protection from Zone Elevation feature control.
@@ -7793,6 +7965,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7811,9 +7984,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage whether, .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -7842,6 +8015,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7860,7 +8034,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -7891,6 +8065,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7909,7 +8084,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -7917,7 +8092,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -7942,6 +8118,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7960,7 +8137,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -7991,6 +8168,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8042,6 +8220,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8066,7 +8245,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -8097,6 +8276,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8115,13 +8295,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -8146,6 +8326,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8170,7 +8351,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -8201,6 +8382,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8219,13 +8401,13 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+If you do not configure this policy setting, users are queried to choose, whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -8250,6 +8432,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8268,7 +8451,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -8299,6 +8482,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8317,7 +8501,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -8346,6 +8530,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8364,7 +8549,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -8395,6 +8580,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8413,13 +8599,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
@@ -8444,6 +8630,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8462,9 +8649,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -8493,6 +8680,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8511,7 +8699,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -8542,6 +8730,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8560,7 +8749,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -8568,7 +8757,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -8593,6 +8783,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8611,7 +8802,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -8642,6 +8833,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8693,6 +8885,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8711,13 +8904,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -8742,6 +8935,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8760,7 +8954,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -8791,6 +8985,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8809,7 +9004,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -8840,6 +9035,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8858,7 +9054,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -8887,6 +9083,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8905,7 +9102,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -8936,6 +9133,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8954,13 +9152,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
@@ -8985,6 +9183,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9003,9 +9202,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -9034,6 +9233,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9052,7 +9252,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -9083,6 +9283,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9101,7 +9302,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -9109,7 +9310,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -9134,6 +9336,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9152,7 +9355,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -9183,6 +9386,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9234,6 +9438,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9258,7 +9463,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -9289,6 +9494,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9307,13 +9513,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -9338,6 +9544,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9356,7 +9563,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -9387,6 +9594,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9405,7 +9613,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -9436,6 +9644,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9454,7 +9663,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -9483,6 +9692,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9501,7 +9711,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -9532,6 +9742,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9550,13 +9761,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
@@ -9581,6 +9792,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9599,9 +9811,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -9630,6 +9842,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9648,7 +9861,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -9679,6 +9892,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9697,7 +9911,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -9705,7 +9919,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -9730,6 +9945,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9748,7 +9964,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -9779,6 +9995,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9797,7 +10014,7 @@ ADMX Info:
-This policy setting allows you to manage ActiveX controls not marked as safe.
+This policy setting allows you to manage, ActiveX controls not marked as safe.
If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
@@ -9830,6 +10047,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9854,7 +10072,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -9885,6 +10103,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9903,9 +10122,9 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
+If you enable this policy setting, users can open additional windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.
@@ -9934,6 +10153,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9952,7 +10172,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -9983,6 +10203,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10001,7 +10222,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -10032,6 +10253,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10050,7 +10272,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -10079,6 +10301,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10097,7 +10320,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -10128,6 +10351,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10150,9 +10374,9 @@ This policy setting allows you to manage whether Web sites from less privileged
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
@@ -10177,6 +10401,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10195,9 +10420,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -10226,6 +10451,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10244,7 +10470,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -10275,6 +10501,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10293,7 +10520,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls whether, Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -10301,7 +10528,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -10326,6 +10554,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10344,7 +10573,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -10375,6 +10604,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10426,6 +10656,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10450,7 +10681,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -10481,6 +10712,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10499,13 +10731,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -10530,6 +10762,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10579,6 +10812,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10597,7 +10831,7 @@ ADMX Info:
-This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.
+This policy setting determines, whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.
If you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
@@ -10628,6 +10862,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10646,7 +10881,7 @@ ADMX Info:
-This policy setting allows you to specify what is displayed when the user opens a new tab.
+This policy setting allows you to specify, what is displayed when the user opens a new tab.
If you enable this policy setting, you can choose which page to display when the user opens a new tab: blank page (about:blank), the first home page, the new tab page or the new tab page with my news feed.
@@ -10689,6 +10924,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10707,7 +10943,7 @@ Supported values:
-This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes.
+This policy setting allows you to manage, whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes.
If you enable this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
@@ -10738,6 +10974,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10785,6 +11022,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10832,6 +11070,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10850,7 +11089,7 @@ ADMX Info:
-Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.
+Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation, if there is no security context.
If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.
@@ -10881,6 +11120,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10901,9 +11141,9 @@ ADMX Info:
This policy setting allows you to stop users from seeing the "Run this time" button and from running specific outdated ActiveX controls in Internet Explorer.
-If you enable this policy setting, users won't see the "Run this time" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control.
+If you enable this policy setting, users won't see the "Run this time" button on the warning message that appears, when Internet Explorer blocks an outdated ActiveX control.
-If you disable or don't configure this policy setting, users will see the "Run this time" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once.
+If you disable or don't configure this policy setting, users will see the "Run this time" button on the warning message that appears, when Internet Explorer blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once.
For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
@@ -10930,6 +11170,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10979,6 +11220,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11028,6 +11270,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11046,7 +11289,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -11077,6 +11320,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11095,7 +11339,7 @@ ADMX Info:
-This policy setting allows you to manage whether script code on pages in the zone is run.
+This policy setting allows you to manage, whether script code on pages in the zone is run.
If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.
@@ -11126,6 +11370,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11144,7 +11389,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -11175,6 +11420,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11193,7 +11439,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -11222,6 +11468,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11271,6 +11518,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11289,7 +11537,7 @@ ADMX Info:
-This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
+This policy setting allows you to manage, whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard operation.
@@ -11322,6 +11570,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11340,7 +11589,7 @@ ADMX Info:
-This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.
+This policy setting allows you to manage, whether users can drag files or copy and paste files from a source within the zone.
If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.
@@ -11371,6 +11620,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11389,7 +11639,7 @@ ADMX Info:
-This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.
+This policy setting allows you to manage, whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the zone.
@@ -11420,6 +11670,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11438,7 +11689,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -11469,6 +11720,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11487,13 +11739,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
@@ -11518,6 +11770,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11567,6 +11820,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11585,7 +11839,7 @@ ADMX Info:
-This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.
+This policy setting allows you to manage, whether a user's browser can be redirected to another Web page, if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.
@@ -11616,6 +11870,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11634,9 +11889,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -11665,6 +11920,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11685,7 +11941,7 @@ ADMX Info:
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.
-If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.
+If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control, to run from the current site or from all sites.
If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
@@ -11712,6 +11968,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11730,7 +11987,7 @@ ADMX Info:
-This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.
+This policy setting controls, whether or not the user is allowed to run the TDC ActiveX control on websites.
If you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.
@@ -11759,6 +12016,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11777,13 +12035,13 @@ ADMX Info:
-This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.
+This policy setting allows you to manage restrictions on script-initiated pop-up windows, and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.
-If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
+If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows, and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone, as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
-If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
+If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows, and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone<> as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
@@ -11808,6 +12066,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11826,7 +12085,7 @@ ADMX Info:
-This policy setting determines whether a page can control embedded WebBrowser controls via script.
+This policy setting determines, whether a page can control embedded WebBrowser controls via script.
If you enable this policy setting, script access to the WebBrowser control is allowed.
@@ -11857,6 +12116,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11875,7 +12135,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -11906,6 +12166,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11924,7 +12185,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -11932,7 +12193,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -11957,6 +12219,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11975,7 +12238,7 @@ ADMX Info:
-This policy setting allows you to manage whether script is allowed to update the status bar within the zone.
+This policy setting allows you to manage, whether script is allowed to update the status bar within the zone.
If you enable this policy setting, script is allowed to update the status bar.
@@ -12004,6 +12267,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12022,7 +12286,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -12053,6 +12317,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12071,7 +12336,7 @@ ADMX Info:
-This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.
+This policy setting allows you to manage, whether VBScript can be run on pages from the specified zone in Internet Explorer.
If you selected Enable in the drop-down box, VBScript can run without user intervention.
@@ -12104,6 +12369,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12122,13 +12388,13 @@ ADMX Info:
-This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
-If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
+If you don't configure this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
@@ -12153,6 +12419,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12171,7 +12438,7 @@ ADMX Info:
-This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.
+This policy setting allows you to manage, whether users may download signed ActiveX controls from a page in the zone.
If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
@@ -12202,6 +12469,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12220,7 +12488,7 @@ ADMX Info:
-This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
+This policy setting allows you to manage, whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.
@@ -12251,6 +12519,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12269,7 +12538,7 @@ ADMX Info:
-This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.
+This policy controls, whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.
If you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.
@@ -12298,6 +12567,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12316,15 +12586,15 @@ ADMX Info:
-This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.
+This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in different windows.
-If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting.
-If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when both the source and destination are in different windows. Users cannot change this setting.
-In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.
-In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
+In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting.
@@ -12349,6 +12619,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12367,15 +12638,15 @@ ADMX Info:
-This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.
+This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in the same window.
-If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting.
-If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
-In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
-In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
+In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
@@ -12400,6 +12671,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12449,6 +12721,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12467,13 +12740,13 @@ ADMX Info:
-This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.
+This policy setting controls, whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.
If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.
If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.
-If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
+If you do not configure this policy setting, the user can choose whether path information is sent, when he or she is uploading a file via an HTML form. By default, path information is sent.
@@ -12498,6 +12771,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12549,6 +12823,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12573,7 +12848,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -12604,6 +12879,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12622,7 +12898,7 @@ ADMX Info:
-This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
+This policy setting allows you to manage, whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
@@ -12653,6 +12929,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12675,7 +12952,7 @@ This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following logon options.
-Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.
+Anonymous logon to disable HTTP authentication, and use the guest account only for the Common Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.
@@ -12710,6 +12987,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12728,9 +13006,9 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
+If you enable this policy setting, users can open additional windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.
@@ -12759,6 +13037,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12777,7 +13056,7 @@ ADMX Info:
-This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.
+This policy setting allows you to manage, whether ActiveX controls and plug-ins can be run on pages from the specified zone.
If you enable this policy setting, controls and plug-ins can run without user intervention.
@@ -12810,6 +13089,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12828,9 +13108,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.
+If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute signed managed components.
If you disable this policy setting, Internet Explorer will not execute signed managed components.
@@ -12859,6 +13139,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12877,7 +13158,7 @@ ADMX Info:
-This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.
+This policy setting allows you to manage, whether an ActiveX control marked safe for scripting can interact with a script.
If you enable this policy setting, script interaction can occur automatically without user intervention.
@@ -12910,6 +13191,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12928,7 +13210,7 @@ ADMX Info:
-This policy setting allows you to manage whether applets are exposed to scripts within the zone.
+This policy setting allows you to manage, whether applets are exposed to scripts within the zone.
If you enable this policy setting, scripts can access applets automatically without user intervention.
@@ -12961,6 +13243,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12979,7 +13262,7 @@ ADMX Info:
-This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).
+This policy setting controls, whether or not the "Open File - Security Warning" message appears, when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).
If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.
@@ -13010,6 +13293,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13059,6 +13343,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13077,7 +13362,7 @@ ADMX Info:
-This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.
+This policy setting allows you to manage, whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.
If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.
@@ -13108,6 +13393,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13126,13 +13412,13 @@ ADMX Info:
-Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.
+Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts pop-up windows, and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.
-If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
+If you enable this policy setting, pop-up windows and other restrictions apply for File Explorer and Internet Explorer processes.
-If you disable this policy setting, scripts can continue to create popup windows and windows that obfuscate other windows.
+If you disable this policy setting, scripts can continue to create pop-up windows and windows that obfuscate other windows.
-If you do not configure this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
+If you do not configure this policy setting, pop-up windows and other restrictions apply for File Explorer and Internet Explorer processes.
@@ -13157,6 +13443,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13177,7 +13464,10 @@ ADMX Info:
This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website.
-If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
+If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers.
+
+> [!NOTE]
+> This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
If you disable or do not configure this policy setting, the user can configure his or her list of search providers.
@@ -13204,6 +13494,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13254,6 +13545,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13272,7 +13564,7 @@ ADMX Info:
-This setting lets you decide whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use this setting, you must also turn on the [InternetExplorer/AllowEnterpriseModeSiteList ](#internetexplorer-policies) policy setting and you must include at least one site in the Enterprise Mode Site List.
+This setting lets you decide, whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use this setting, you must also turn on the [InternetExplorer/AllowEnterpriseModeSiteList ](#internetexplorer-policies) policy setting, and you must include at least one site in the Enterprise Mode Site List.
If you enable this setting, it automatically opens all sites not included in the Enterprise Mode Site List in Microsoft Edge.
@@ -13324,6 +13616,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13371,6 +13664,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13389,7 +13683,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -13420,6 +13714,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13438,7 +13733,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -13469,6 +13764,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13487,7 +13783,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -13516,6 +13812,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13534,7 +13831,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -13565,6 +13862,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13583,11 +13881,11 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.
@@ -13614,6 +13912,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13632,9 +13931,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -13663,6 +13962,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13681,7 +13981,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -13712,6 +14012,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13730,7 +14031,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -13738,7 +14039,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -13763,6 +14065,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13781,7 +14084,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -13812,6 +14115,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13830,13 +14134,13 @@ ADMX Info:
-This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
-If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
+If you don't configure this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
@@ -13861,6 +14165,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13912,6 +14217,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13936,7 +14242,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -13967,6 +14273,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13985,13 +14292,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -14007,3 +14314,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index f8ed8cecde..5e4320bf4c 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - Kerberos
-
@@ -54,7 +53,6 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
@@ -66,6 +64,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -112,6 +111,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -138,8 +138,8 @@ This policy allows retrieving the cloud Kerberos ticket during the sign in.
Valid values:
-0 (default) - Disabled.
-1 - Enabled.
+0 (default) - Disabled
+1 - Enabled
@@ -164,6 +164,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -181,7 +182,7 @@ ADMX Info:
-This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features.
+This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring, using Kerberos authentication with domains that support these features.
If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains that support claims and compound authentication for Dynamic Access Control and Kerberos armoring.
If you disable or don't configure this policy setting, the client devices won't request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device won't be able to retrieve claims for clients using Kerberos protocol transition.
@@ -209,6 +210,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -263,6 +265,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -280,9 +283,10 @@ ADMX Info:
-This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller.
+This policy setting controls whether a computer requires that Kerberos message exchanges being armored when communicating with a domain controller.
-Warning: When a domain doesn't support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled.
+> [!WARNING]
+> When a domain doesn't support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled.
If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers.
@@ -314,6 +318,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -335,7 +340,7 @@ This policy setting controls the Kerberos client's behavior in validating the KD
If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer isn't joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate.
-If you disable or don't configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions that can be issued to any server.
+If you disable or don't configure this policy setting, the Kerberos client requires only the KDC certificate that contains the Server Authentication purpose object identifier in the EKU extensions that can be issued to any server.
@@ -360,6 +365,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -386,7 +392,7 @@ If you enable this policy setting, the Kerberos client or server uses the config
If you disable or don't configure this policy setting, the Kerberos client or server uses the locally configured value or the default value.
> [!NOTE]
-> This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it's not advised to set this value more than 48,000 bytes.
+> This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8, the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it's not advised to set this value more than 48,000 bytes.
@@ -411,6 +417,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -428,9 +435,9 @@ ADMX Info:
-Adds a list of domains that an Azure Active Directory joined device can attempt to contact when it can't resolve a UPN to a principal.
+Adds a list of domains that an Azure Active Directory-joined device can attempt to contact when it can't resolve a UPN to a principal.
-Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This limitation can cause failures when such a device needs to resolve an Azure Active Directory UPN into an Active Directory Principal. You can use this policy to avoid those failures.
+Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This limitation can cause failures, when such a device needs to resolve an Azure Active Directory UPN into an Active Directory Principal. You can use this policy to avoid those failures.
@@ -447,3 +454,6 @@ Devices joined to Azure Active Directory in a hybrid environment need to interac
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index ec353dc9aa..e5a08afafe 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - KioskBrowser
-
-
These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Microsoft Store app, added in Windows 10 version 1803, that provides IT a way to customize the end user's browsing experience to fulfill kiosk, signage, and shared device scenarios. Application developers can also create their own kiosk browser and read these policies using [NamedPolicy.GetPolicyFromPath(String, String) Method](/uwp/api/windows.management.policies.namedpolicy.getpolicyfrompath#Windows_Management_Policies_NamedPolicy_GetPolicyFromPath_System_String_System_String_).
@@ -60,6 +58,7 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,6 +95,7 @@ List of exceptions to the blocked website URLs (with wildcard support). This pol
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,6 +132,7 @@ List of blocked website URLs (with wildcard support). This policy is used to con
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -168,6 +169,7 @@ Configures the default URL kiosk browsers to navigate on launch and restart.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -201,6 +203,7 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -237,6 +240,7 @@ Enable/disable kiosk browser's home button.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -273,6 +277,7 @@ Enable/disable kiosk browser's navigation buttons (forward/back).
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -290,7 +295,7 @@ Enable/disable kiosk browser's navigation buttons (forward/back).
-Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.
+Amount of time in minutes, the session is idle until the kiosk browser restarts in a fresh state.
The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser.
@@ -301,4 +306,8 @@ The value is an int 1-1440 that specifies the number of minutes the session is i
-
\ No newline at end of file
+
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index abd1293e59..40e82cbc5d 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - LanmanWorkstation
-
-
@@ -27,7 +25,6 @@ manager: dansimp
-
@@ -39,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -56,13 +54,13 @@ manager: dansimp
-This policy setting determines if the SMB client will allow insecure guest sign ins to an SMB server.
+This policy setting determines, if the SMB client will allow insecure guest sign in to an SMB server.
-If you enable this policy setting or if you don't configure this policy setting, the SMB client will allow insecure guest sign ins.
+If you enable this policy setting or if you don't configure this policy setting, the SMB client will allow insecure guest sign in.
-If you disable this policy setting, the SMB client will reject insecure guest sign ins.
+If you disable this policy setting, the SMB client will reject insecure guest sign in.
-Insecure guest sign ins are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest sign ins are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and don't use insecure guest sign ins by default. Since insecure guest sign ins are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest sign ins are vulnerable to various man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest sign in is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest sign ins and configuring file servers to require authenticated access.
+Insecure guest sign in are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest sign in are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication, and don't use insecure guest sign in by default. Since insecure guest sign in are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest sign in are vulnerable to various man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest sign in is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest sign in and configuring file servers to require authenticated access.
@@ -82,3 +80,6 @@ This setting supports a range of values between 0 and 1.
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 430b7af709..80e2f0bd5a 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - Licensing
-
-
@@ -30,7 +28,6 @@ manager: dansimp
-
@@ -42,6 +39,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -90,6 +88,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -121,8 +120,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Disabled.
-- 1 – Enabled.
+- 0 (default) – Disabled
+- 1 – Enabled
@@ -131,3 +130,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index affd8a51ea..af2cf856e3 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -182,6 +182,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -201,13 +202,15 @@ manager: dansimp
This policy setting prevents users from adding new Microsoft accounts on this computer.
-If you select the "Users cannot add Microsoft accounts" option, users won't be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This option is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
+If you select the "Users cannot add Microsoft accounts" option, users won't be able to create new Microsoft accounts on this computer. Switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This option is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
If you select the "Users cannot add or log on with Microsoft accounts" option, existing Microsoft account users won't be able to sign in to Windows. Selecting this option might make it impossible for an existing administrator on this computer to sign in and manage the system.
If you disable or don't configure this policy (recommended), users will be able to use Microsoft accounts with Windows.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -236,6 +239,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -255,7 +259,9 @@ The following list shows the supported values:
This setting allows the administrator to enable the local Administrator account.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -283,6 +289,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -302,7 +309,9 @@ The following list shows the supported values:
This setting allows the administrator to enable the guest Administrator account.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -331,6 +340,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -352,16 +362,19 @@ Accounts: Limit local account use of blank passwords to console logon only
This security setting determines whether local accounts that aren't password protected can be used to sign in from locations other than the physical computer console. If enabled, local accounts that aren't password protected will only be able to sign in at the computer's keyboard.
-Default: Enabled.
+Default: Enabled
> [!WARNING]
> Computers that aren't in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can sign in by using a user account that doesn't have a password. This is especially important for portable computers.
-If you apply this security policy to the Everyone group, no one will be able to sign in through Remote Desktop Services.
+>
+> If you apply this security policy to the Everyone group, no one will be able to sign in through Remote Desktop Services.
-This setting doesn't affect sign ins that use domain accounts.
-It's possible for applications that use remote interactive sign ins to bypass this setting.
+This setting doesn't affect sign in that use domain accounts.
+It's possible for applications that use remote interactive sign in to bypass this setting.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -372,8 +385,8 @@ GP Info:
Valid values:
-- 0 - disabled - local accounts that aren't password protected can be used to sign in from locations other than the physical computer console
-- 1 - enabled - local accounts that aren't password protected will only be able to sign in at the computer's keyboard
+- 0 - disabled - local accounts that aren't password protected can be used to sign in from locations other than the physical computer console.
+- 1 - enabled - local accounts that aren't password protected will only be able to sign in at the computer's keyboard.
@@ -389,6 +402,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -410,9 +424,11 @@ Accounts: Rename administrator account
This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination.
-Default: Administrator.
+Default: Administrator
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -434,6 +450,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -455,9 +472,11 @@ Accounts: Rename guest account
This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
-Default: Guest.
+Default: Guest
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -479,6 +498,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -496,10 +516,11 @@ GP Info:
-Devices: Allow undock without having to sign in.
+Devices: Allow undock without having to sign in
This security setting determines whether a portable computer can be undocked without having to sign in. If this policy is enabled, sign in isn't required and an external hardware eject button can be used to undock the computer. If disabled, a user must sign in and have the Remove computer from docking station privilege to undock the computer.
-Default: Enabled.
+
+Default: Enabled
> [!CAUTION]
> Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
@@ -524,6 +545,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -545,8 +567,8 @@ Devices: Allowed to format and eject removable media
This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to:
-- Administrators
-- Administrators and Interactive Users
+- Administrators.
+- Administrators and Interactive Users.
Default: This policy isn't defined, and only Administrators have this ability.
@@ -570,6 +592,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -591,7 +614,7 @@ Devices: Prevent users from installing printer drivers when connecting to shared
For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer.
-Default on servers: Enabled.
+Default on servers: Enabled
Default on workstations: Disabled
>[!NOTE]
@@ -617,6 +640,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -662,6 +686,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -679,10 +704,11 @@ GP Info:
-Interactive Logon: Display user information when the session is locked
+Interactive Logon: Display user information when the session is locked
-
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -693,9 +719,9 @@ GP Info:
Valid values:
-- 1 - User display name, domain and user names
-- 2 - User display name only
-- 3 - Don't display user information
+- 1 - User display name, domain and user names.
+- 2 - User display name only.
+- 3 - Don't display user information.
@@ -711,6 +737,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -731,13 +758,16 @@ Valid values:
Interactive logon: Don't display last signed-in
This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC.
+
If this policy is enabled, the username won't be shown.
If this policy is disabled, the username will be shown.
-Default: Disabled.
+Default: Disabled
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -748,8 +778,8 @@ GP Info:
Valid values:
-- 0 - disabled (username will be shown)
-- 1 - enabled (username won't be shown)
+- 0 - disabled (username will be shown).
+- 1 - enabled (username won't be shown).
@@ -765,6 +795,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -790,9 +821,11 @@ If this policy is enabled, the username won't be shown.
If this policy is disabled, the username will be shown.
-Default: Disabled.
+Default: Disabled
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -803,8 +836,8 @@ GP Info:
Valid values:
-- 0 - disabled (username will be shown)
-- 1 - enabled (username won't be shown)
+- 0 - disabled (username will be shown).
+- 1 - enabled (username won't be shown).
@@ -820,6 +853,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -845,10 +879,12 @@ If this policy is enabled on a computer, a user isn't required to press CTRL+ALT
If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows.
-Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier.
-Default on stand-alone computers: Enabled.
+Default on domain-computers: Enabled: At least Windows 8 / Disabled: Windows 7 or earlier.
+Default on stand-alone computers: Enabled
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -859,8 +895,8 @@ GP Info:
Valid values:
-- 0 - disabled
-- 1 - enabled (a user isn't required to press CTRL+ALT+DEL to sign in)
+- 0 - disabled.
+- 1 - enabled (a user isn't required to press CTRL+ALT+DEL to sign in).
@@ -876,6 +912,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -893,13 +930,15 @@ Valid values:
-Interactive logon: Machine inactivity limit.
+Interactive logon: Machine inactivity limit
Windows notices inactivity of a sign-in session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.
-Default: not enforced.
+Default: Not enforced
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -925,6 +964,7 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -946,11 +986,13 @@ Interactive logon: Message text for users attempting to sign in
This security setting specifies a text message that is displayed to users when they sign in.
-This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited.
+This text is often used for legal reasons. For example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited.
-Default: No message.
+Default: No message
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -972,6 +1014,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -993,9 +1036,11 @@ Interactive logon: Message title for users attempting to sign in
This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to sign in.
-Default: No message.
+Default: No message
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -1017,6 +1062,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1040,16 +1086,16 @@ This security setting determines what happens when the smart card for a logged-o
The options are:
- No Action
- Lock Workstation
- Force Logoff
- Disconnect if a Remote Desktop Services session
+- No Action
+- Lock Workstation
+- Force Logoff
+- Disconnect if a Remote Desktop Services session
If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
If you click Force Logoff in the Properties dialog box for this policy, the user is automatically signed off when the smart card is removed.
-If you click Disconnect if a Remote Desktop Services session, removal of the smart card disconnects the session without logging off the user. This policy allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to sign in again. If the session is local, this policy functions identically to Lock Workstation.
+If you click Disconnect on a Remote Desktop Services session, removal of the smart card disconnects the session without logging off the user. This policy allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to sign in again. If the session is local, this policy functions identically to Lock Workstation.
> [!NOTE]
> Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
@@ -1077,6 +1123,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1096,14 +1143,14 @@ GP Info:
Microsoft network client: Digitally sign communications (always)
-This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
+This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
If this setting is enabled, the Microsoft network client won't communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
-Default: Disabled.
+Default: Disabled
> [!Note]
-> All Windows operating systems support both a client-side SMB component and a server-side SMB component.Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
> - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
@@ -1131,6 +1178,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1152,11 +1200,11 @@ Microsoft network client: Digitally sign communications (if server agrees)
This security setting determines whether the SMB client attempts to negotiate SMB packet signing.
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB client component attempts to negotiate SMB packet signing when it connects to an SMB server.
+The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB client component attempts to negotiate SMB packet signing when it connects to an SMB server.
If this setting is enabled, the Microsoft network client will ask the server to perform SMB packet signing upon session setup. If packet signing has been enabled on the server, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
-Default: Enabled.
+Default: Enabled
> [!Note]
> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
@@ -1189,6 +1237,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1212,7 +1261,7 @@ If this security setting is enabled, the Server Message Block (SMB) redirector i
Sending unencrypted passwords is a security risk.
-Default: Disabled.
+Default: Disabled
@@ -1234,6 +1283,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1294,6 +1344,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1315,9 +1366,9 @@ Microsoft network server: Digitally sign communications (always)
This security setting determines whether packet signing is required by the SMB server component.
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted.
+The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted.
-If this setting is enabled, the Microsoft network server won't communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server.
+If this setting is enabled, the Microsoft network server won't communicate with a Microsoft network client, unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server.
Default: Disabled for member servers. Enabled for domain controllers.
@@ -1352,6 +1403,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1373,7 +1425,7 @@ Microsoft network server: Digitally sign communications (if client agrees)
This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it.
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB server will negotiate SMB packet signing when an SMB client requests it.
+The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB server will negotiate SMB packet signing when an SMB client requests it.
If this setting is enabled, the Microsoft network server will negotiate SMB packet signing as requested by the client. That is, if packet signing has been enabled on the client, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
@@ -1410,6 +1462,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1438,8 +1491,8 @@ This security option allows more restrictions to be placed on anonymous connecti
Enabled: Don't allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources.
Disabled: No extra restrictions. Rely on default permissions.
-Default on workstations: Enabled.
-Default on server: Enabled.
+Default on workstations: Enabled
+Default on server: Enabled
> [!IMPORTANT]
> This policy has no impact on domain controllers.
@@ -1464,6 +1517,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1487,7 +1541,7 @@ This security setting determines whether anonymous enumeration of SAM accounts a
Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This feature is convenient, for example, when an administrator wants to grant access to users in a trusted domain that doesn't maintain a reciprocal trust. If you don't want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
-Default: Disabled.
+Default: Disabled
@@ -1509,6 +1563,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1530,9 +1585,9 @@ Network access: Restrict anonymous access to Named Pipes and Shares
When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
-Network access: Named pipes that can be accessed anonymously
-Network access: Shares that can be accessed anonymously
-Default: Enabled.
+- Network access: Named pipes that can be accessed anonymously.
+- Network access: Shares that can be accessed anonymously.
+- Default: Enabled.
@@ -1554,6 +1609,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1599,6 +1655,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1631,8 +1688,8 @@ GP Info:
Valid values:
-- 0 - Disabled
-- 1 - Enabled (Allow Local System to use computer identity for NTLM.)
+- 0 - Disabled.
+- 1 - Enabled (Allow Local System to use computer identity for NTLM).
@@ -1648,6 +1705,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1669,8 +1727,9 @@ Network security: Allow PKU2U authentication requests to this computer to use on
This policy will be turned off by default on domain joined machines. This disablement would prevent online identities from authenticating to the domain joined machine.
-
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -1681,8 +1740,8 @@ GP Info:
Valid values:
-- 0 - disabled
-- 1 - enabled (allow PKU2U authentication requests to this computer to use online identities.)
+- 0 - disabled.
+- 1 - enabled (allow PKU2U authentication requests to this computer to use online identities).
@@ -1698,6 +1757,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1719,9 +1779,8 @@ Network security: Don't store LAN Manager hash value on next password change
This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database, the passwords can be compromised if the security database is attacked.
-
-Default on Windows Vista and above: Enabled
-Default on Windows XP: Disabled.
+- Default on Windows Vista and above: Enabled
+- Default on Windows XP: Disabled
@@ -1743,6 +1802,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1762,27 +1822,27 @@ GP Info:
Network security LAN Manager authentication level
-This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
+This security setting determines which challenge/response authentication protocol is used for network logon. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
-Send LM and NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+- Send LM and NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-Send LM and NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+- Send LM and NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+- Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+- Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication).
+- Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication).
-Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).
+- Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).
-Default:
+- Default:
-windows XP: send LM and NTLM responses
+- windows XP: send LM and NTLM responses.
-Windows Server 2003: Send NTLM response only
+- Windows Server 2003: Send NTLM response only.
-Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only
+Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only.
@@ -1804,6 +1864,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1828,11 +1889,11 @@ This security setting allows a client device to require the negotiation of 128-b
- Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated.
- Require 128-bit encryption: The connection will fail if strong encryption (128-bit) isn't negotiated.
-Default:
+- Default:
-Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements.
+- Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements.
-Windows 7 and Windows Server 2008 R2: Require 128-bit encryption.
+- Windows 7 and Windows Server 2008 R2: Require 128-bit encryption.
@@ -1854,6 +1915,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1875,14 +1937,15 @@ Network security: Minimum session security for NTLM SSP based (including secure
This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
-Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated.
-Require 128-bit encryption. The connection will fail if strong encryption (128-bit) isn't negotiated.
+- Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated.
-Default:
+- Require 128-bit encryption. The connection will fail if strong encryption (128-bit) isn't negotiated.
-Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements.
+- Default:
-Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
+- Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements.
+
+- Windows 7 and Windows Server 2008 R2: Require 128-bit encryption.
@@ -1904,6 +1967,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1923,13 +1987,13 @@ GP Info:
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
-This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured.
+This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication, if the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured.
If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication.
If you don't configure this policy setting, no exceptions will be applied.
-The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats. A single asterisk (*) can be used anywhere in the string as a wildcard character.
+The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions, the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats. A single asterisk (*) can be used anywhere in the string as a wildcard character.
@@ -1960,6 +2024,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2021,6 +2086,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2082,6 +2148,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2143,6 +2210,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2168,10 +2236,12 @@ When this policy is enabled, the Shut Down command is available on the Windows l
When this policy is disabled, the option to shut down the computer doesn't appear on the Windows logon screen. In this case, users must be able to sign in to the computer successfully and have the Shut down the system user right before they can perform a system shutdown.
-Default on workstations: Enabled.
-Default on servers: Disabled.
+- Default on workstations: Enabled.
+- Default on servers: Disabled.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2182,8 +2252,8 @@ GP Info:
Valid values:
-- 0 - disabled
-- 1 - enabled (allow system to be shut down without having to sign in)
+- 0 - disabled.
+- 1 - enabled (allow system to be shut down without having to sign in).
@@ -2199,6 +2269,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2224,7 +2295,7 @@ Virtual memory support uses a system pagefile to swap pages of memory to disk wh
When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled.
-Default: Disabled.
+Default: Disabled
@@ -2246,6 +2317,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2273,7 +2345,9 @@ Disabled: (Default)
The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2284,8 +2358,8 @@ GP Info:
Valid values:
-- 0 - disabled
-- 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop)
+- 0 - disabled.
+- 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop).
@@ -2301,6 +2375,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2340,7 +2415,9 @@ The options are:
- 5 - Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2362,6 +2439,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2380,9 +2458,12 @@ GP Info:
User Account Control: Behavior of the elevation prompt for standard users
+
This policy setting controls the behavior of the elevation prompt for standard users.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2394,9 +2475,9 @@ GP Info:
The following list shows the supported values:
-- 0 - Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
+- 0 - Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user, may choose this setting to reduce help desk calls.
- 1 - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-- 3 (Default) - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+- 3 (Default) - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
@@ -2412,6 +2493,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2435,9 +2517,9 @@ This policy setting controls the behavior of application installation detection
The options are:
-Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+- Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-Disabled: Application installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
+- Disabled: Application installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
@@ -2459,6 +2541,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2478,13 +2561,15 @@ GP Info:
User Account Control: Only elevate executable files that are signed and validated
-This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.
+This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run, by adding certificates to the Trusted Publishers certificate store on local computers.
The options are:
- 0 - Disabled: (Default) Doesn't enforce PKI certification path validation before a given executable file is permitted to run.
- 1 - Enabled: Enforces the PKI certification path validation for a given executable file before it's permitted to run.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2506,6 +2591,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2525,7 +2611,7 @@ GP Info:
User Account Control: Only elevate UIAccess applications that are installed in secure locations
-This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following locations:
+This policy setting controls, whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following locations:
- .\Program Files\, including subfolders
- .\Windows\system32\
@@ -2538,7 +2624,9 @@ The options are:
- 0 - Disabled: An application runs with UIAccess integrity even if it doesn't reside in a secure location in the file system.
- 1 - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2560,6 +2648,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2587,10 +2676,11 @@ The options are:
> [!NOTE]
> If this policy setting is disabled, Windows Security notifies you that the overall security of the operating system has been reduced.
-- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
+- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately, to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
-
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2612,6 +2702,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2637,7 +2728,9 @@ The options are:
- 0 - Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
- 1 - Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2659,6 +2752,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2706,6 +2800,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2727,7 +2822,9 @@ User Account Control: Virtualize file and registry write failures to per-user lo
This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2746,5 +2843,8 @@ The following list shows the supported values:
-
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md
index fb1249a953..46d691f702 100644
--- a/windows/client-management/mdm/policy-csp-localusersandgroups.md
+++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md
@@ -25,7 +25,6 @@ manager: dansimp
-
@@ -37,11 +36,11 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-
@@ -58,7 +57,7 @@ manager: dansimp
This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device.
> [!NOTE]
-> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove.
+> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or Azure Active Directory groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove.
>
> Starting from Windows 10, version 20H2, it is recommended to use the LocalUsersandGroups policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results.
@@ -86,7 +85,7 @@ where:
> [!NOTE]
> When specifying member names of the user accounts, you must use following format – AzureAD\userUPN. For example, "AzureAD\user1@contoso.com" or "AzureAD\user2@contoso.co.uk".
For adding Azure AD groups, you need to specify the Azure AD Group SID. Azure AD group names are not supported with this policy.
-for more information, see [LookupAccountNameA function](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea).
+For more information, see [LookupAccountNameA function](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea).
See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configuration/custom-settings-windows-10) for information on how to create custom profiles.
@@ -94,7 +93,7 @@ See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configura
> - `` and `` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using [Graph](/graph/api/resources/group?view=graph-rest-1.0&preserve-view=true#json-representation) API for Groups. The SID is present in the `securityIdentifier` attribute.
> - When specifying a SID in the `` or ``, member SIDs are added without attempting to resolve them. Therefore, be very careful when specifying a SID to ensure it is correct.
> - `` is not valid for the R (Restrict) action and will be ignored if present.
-> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that if a group is present multiple times with different add/remove values, all of them will be processed in the order they are present.
+> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that, if a group is present multiple times with different add/remove values, all of them will be processed in the order they are present.
@@ -103,9 +102,9 @@ See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configura
**Examples**
-Example 1: AAD focused.
+Example 1: Azure Active Directory focused.
-The following example updates the built-in administrators group with AAD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine.
+The following example updates the built-in administrators group with Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine.
```xml
@@ -117,10 +116,10 @@ The following example updates the built-in administrators group with AAD account
```
-Example 2: Replace / Restrict the built-in administrators group with an AAD user account.
+Example 2: Replace / Restrict the built-in administrators group with an Azure AD user account.
> [!NOTE]
-> When using ‘R’ replace option to configure the built-in ‘Administrators’ group, it is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group.
+> When using ‘R’ replace option to configure the built-in ‘Administrators’ group. It is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group.
Example:
```xml
@@ -132,9 +131,10 @@ Example:
```
+
Example 3: Update action for adding and removing group members on a hybrid joined machine.
-The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists.
+The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a Azure Active Directory group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists.
```xml
@@ -147,7 +147,6 @@ The following example shows how you can update a local group (**Administrators**
```
-
@@ -157,7 +156,7 @@ The following example shows how you can update a local group (**Administrators**
> [!NOTE]
>
-> When AAD group SID’s are added to local groups, during AAD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device:
+> When Azure Active Directory group SID’s are added to local groups, Azure AD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device:
>
> - Administrators
> - Users
@@ -296,5 +295,8 @@ To troubleshoot Name/SID lookup APIs:
```
-
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index 90a9dc1bf5..97ea810006 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - LockDown
-
@@ -26,7 +25,6 @@ manager: dansimp
-
@@ -38,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -57,7 +56,7 @@ manager: dansimp
Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
-The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled.
+The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied, and then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange, that will also be disabled.
@@ -80,3 +79,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index c2cb4d83fd..6ee7e3956d 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - Maps
-
-
@@ -30,7 +28,6 @@ manager: dansimp
-
@@ -42,6 +39,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -85,6 +83,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -128,3 +127,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-memorydump.md b/windows/client-management/mdm/policy-csp-memorydump.md
index eea0f98401..92d62d27ee 100644
--- a/windows/client-management/mdm/policy-csp-memorydump.md
+++ b/windows/client-management/mdm/policy-csp-memorydump.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - MemoryDump
-
-
@@ -30,7 +28,6 @@ manager: dansimp
-
@@ -42,6 +39,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -82,6 +80,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -115,3 +114,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index 7c01fe7a99..f002adc108 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - Messaging
-
-
@@ -27,7 +25,6 @@ manager: dansimp
-
@@ -39,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -80,3 +78,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 02d6f53ac3..b0f1607d6b 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -68,12 +68,12 @@ Steps to use this policy correctly:
1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays
1. The value can be between min / max allowed.
1. Enroll HoloLens devices and verify both configurations get applied to the device.
-1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created.
+1. Let Azure AD user 1 sign-in, when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created.
1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days.
1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they're a member of Azure AD group to which Kiosk configuration is targeted.
> [!NOTE]
-> Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments.
+> Until step 4 is performed for a Azure AD, user will experience failure behavior mentioned similar to “disconnected” environments.
@@ -90,14 +90,14 @@ Steps to use this policy correctly:
|HoloLens 2|Yes|
-This new AutoLogonUser policy controls whether a user will be automatically signed in. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up sign in.
+This new AutoLogonUser policy controls whether a user will be automatically signed in. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up sign in.
When the policy is set to a non-empty value, it specifies the email address of the auto log-on user. The specified user must sign in to the device at least once to enable autologon.
The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser`
-String value
+Supported value is String.
- User with the same email address will have autologon enabled.
@@ -106,7 +106,7 @@ On a device where this policy is configured, the user specified in the policy wi
> [!NOTE]
>
> - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior.
-> - Auto-logon is only supported for MSA and AAD users.
+> - Auto-logon is only supported for Microsoft account and Azure Active Directory users.
@@ -121,7 +121,7 @@ On a device where this policy is configured, the user specified in the policy wi
-This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set, only then cache is used, otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
+This policy setting controls, for how many days Azure AD group membership cache is allowed to be used for the Assigned Access configurations, targeting Azure AD groups for signed in user. Once this policy setting is set, only then cache is used, otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
@@ -129,7 +129,7 @@ This policy setting controls for how many days Azure AD group membership cache i
-- Integer value
+Supported value is Integer.
Supported values are 0-60. The default value is 0 (day) and maximum value is 60 (days).
@@ -169,7 +169,7 @@ This policy setting controls if pressing the brightness button changes the brigh
-- Boolean value
+Supported values is Boolean.
The following list shows the supported values:
@@ -204,7 +204,7 @@ The following list shows the supported values:
-This policy controls the behavior of moving platform feature on Hololens 2, that is, whether it's turned off / on or it can be toggled by a user. It should only be used by customers who intend to use Hololens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:).
+This policy controls the behavior of moving platform feature on Hololens 2, that is, whether it's turned off / on, or it can be toggled by a user. It should only be used by customers who intend to use Hololens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:).
@@ -212,7 +212,7 @@ This policy controls the behavior of moving platform feature on Hololens 2, that
-- Integer value
+Supported value is Integer.
- 0 (Default) - Last set user's preference. Initial state is OFF and after that user's preference is persisted across reboots and is used to initialize the system.
- 1 Force off - Moving platform is disabled and can't be changed by user.
@@ -246,7 +246,7 @@ This policy controls the behavior of moving platform feature on Hololens 2, that
-This policy setting controls when and if diagnostic logs can be collected using specific button combination on HoloLens.
+This policy setting controls, when and if diagnostic logs can be collected using specific button combination on HoloLens.
@@ -254,13 +254,13 @@ This policy setting controls when and if diagnostic logs can be collected using
-- Integer value
+Supporting value is Integer.
The following list shows the supported values:
-- 0 - Disabled
-- 1 - Enabled for device owners
-- 2 - Enabled for all (Default)
+- 0 - Disabled.
+- 1 - Enabled for device owners.
+- 2 - Enabled for all (Default).
@@ -298,12 +298,12 @@ This policy configures behavior of HUP to determine, which algorithm to use for
-- Boolean value
+Supporting value is Boolean.
The following list shows the supported values:
-- 0 - Feature – Default feature based / SLAM-based tracker (Default)
-- 1 - Constellation – LR constellation based tracker
+- 0 - Feature – Default feature based / SLAM-based tracker (Default).
+- 1 - Constellation – LR constellation based tracker.
@@ -341,7 +341,7 @@ This policy setting controls whether microphone on HoloLens 2 is disabled or not
-- Boolean value
+Supporting value is Boolean.
The following list shows the supported values:
@@ -384,7 +384,7 @@ This policy setting controls if pressing the volume button changes the volume or
-- Boolean value
+Supporting value is Boolean.
The following list shows the supported values:
@@ -419,7 +419,7 @@ The following list shows the supported values:
-This policy controls whether a visitor user will be automatically logged in. Visitor users can only be created and logged in if an Assigned Access profile has been created targeting visitor users. A visitor user will only be automatically logged in if no other user has logged in on the device before.
+This policy controls whether a visitor user will be automatically logged in. Visitor users can only be created and logged in, if an Assigned Access profile has been created targeting visitor users. A visitor user will only be automatically logged in, if no other user has logged in on the device before.
@@ -427,7 +427,7 @@ This policy controls whether a visitor user will be automatically logged in. Vis
-- Boolean value
+Supported value is Boolean.
The following list shows the supported values:
@@ -439,3 +439,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 812c96e877..c85466d3ee 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - MSSecurityGuide
-
@@ -43,11 +42,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -60,6 +59,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -99,6 +99,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -139,6 +140,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -179,6 +181,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -219,6 +222,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -258,6 +262,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -287,6 +292,8 @@ ADMX Info:
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index 6f71a563e4..83db3103f2 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - MSSLegacy
-
@@ -36,11 +35,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -53,6 +52,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -92,6 +92,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,6 +133,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -171,6 +173,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -201,6 +204,8 @@ ADMX Info:
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md
index 1bd998b15e..9f93048ae9 100644
--- a/windows/client-management/mdm/policy-csp-multitasking.md
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@@ -25,7 +25,6 @@ manager: dansimp
-
@@ -37,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -66,11 +66,11 @@ This policy only applies to the Alt+Tab switcher. When the policy isn't enabled,
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -96,3 +96,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index 9dbb409924..4b81789c59 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - NetworkIsolation
-
-
@@ -48,7 +46,6 @@ manager: dansimp
-
@@ -60,6 +57,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -102,6 +100,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -157,6 +156,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -174,7 +174,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
-Integer value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets.
+Integer value that tells the client to accept the configured list and not to use heuristics to attempt and find other subnets.
@@ -198,6 +198,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -240,6 +241,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -257,11 +259,10 @@ ADMX Info:
-This list is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to. This list is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
+This is a list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to. This list is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
> [!NOTE]
> The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
-
Here are the steps to create canonical domain names:
@@ -283,6 +284,7 @@ Here are the steps to create canonical domain names:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -325,6 +327,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -366,6 +369,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -399,4 +403,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
index 1e7e152515..72328ad669 100644
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - NetworkListManager
-
@@ -29,7 +28,6 @@ manager: dansimp
-
@@ -41,6 +39,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -84,6 +83,7 @@ When entering a list of TLS endpoints in Microsoft Endpoint Manager, you must fo
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -107,3 +107,6 @@ This policy setting provides the string that is to be used to name a network. Th
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md
index cb70df917f..5d8350eed5 100644
--- a/windows/client-management/mdm/policy-csp-newsandinterests.md
+++ b/windows/client-management/mdm/policy-csp-newsandinterests.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - NewsAndInterests
-
-
@@ -26,8 +24,6 @@ manager: dansimp
NewsAndInterests/AllowNewsAndInterests
-
-
@@ -39,6 +35,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -65,7 +62,7 @@ This policy specifies whether to allow the entire widgets experience, including
The following are the supported values:
-- 1 - Default - Allowed
+- 1 - Default - Allowed.
- 0 - Not allowed.
@@ -82,5 +79,8 @@ ADMX Info:
+
-
\ No newline at end of file
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 20823757ce..3039a6845a 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - Notifications
-
-
@@ -48,6 +46,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,7 +70,7 @@ If you enable this policy setting, applications and system features won't be abl
If you enable this policy setting, notifications can still be raised by applications running on the machine via local API calls from within the application.
-If you disable or don't configure this policy setting, the client computer will connect to WNS at user sign in and applications will be allowed to use periodic (polling) notifications.
+If you disable or don't configure this policy setting, the client computer will connect to WNS at user sign in, and applications will be allowed to use periodic (polling) notifications.
No reboots or service restarts are required for this policy setting to take effect.
@@ -93,9 +92,9 @@ This setting supports a range of values between 0 and 1.
Validation:
-1. Enable policy
-2. Reboot machine
-3. Ensure that you can't receive a notification from Facebook app while FB app isn't running
+1. Enable policy.
+2. Reboot machine.
+3. Ensure that you can't receive a notification from Facebook app while FB app isn't running.
@@ -111,6 +110,7 @@ Validation:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,7 +130,7 @@ Validation:
Boolean value that turns off notification mirroring.
-For each user signed in to the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device won't get mirrored to other devices of the same signed-in user. If you disable or don't configure this policy (set value to 0), the notifications received by this user on this device will be mirrored to other devices of the same signed-in user. This feature can be turned off by apps that don't want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
+For each user signed in to the device, if you enable this policy (set value to 1), the app and system notifications received by this user on this device won't get mirrored to other devices of the same signed-in user. If you disable or don't configure this policy (set value to 0), the notifications received by this user on this device will be mirrored to other devices of the same signed-in user. This feature can be turned off by apps that don't want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
No reboot or service restart is required for this policy to take effect.
@@ -163,6 +163,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -203,9 +204,9 @@ This setting supports a range of values between 0 and 1.
Validation:
-1. Enable policy
-2. Reboot machine
-3. Ensure that all tiles are default (no live tile content showing, like no weather forecast on the Weather tile)
+1. Enable policy.
+2. Reboot machine.
+3. Ensure that all tiles are default (no live tile content showing, like no weather forecast on the Weather tile).
@@ -265,7 +266,8 @@ This policy setting determines which Windows Notification Service endpoint will
If you disable or don't configure this setting, the push notifications will connect to the default endpoint of client.wns.windows.com.
-Note: Ensure the proper WNS FQDNs, VIPs, IPs and Ports are also allowlisted from your firewall settings.
+> [!NOTE]
+> Ensure the proper WNS FQDNs, VIPs, IPs and Ports are also allowlisted from your firewall settings.
@@ -285,3 +287,7 @@ If the policy isn't specified, we'll default our connection to client.wns.window
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 30eb1c679f..ca3d7e34bd 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -93,11 +93,11 @@ manager: dansimp
> [!TIP]
-> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -176,6 +176,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -222,6 +223,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -268,6 +270,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -318,6 +321,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -341,7 +345,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -366,6 +370,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -422,6 +427,7 @@ Supported values: 0-100. The default is 70.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -477,6 +483,7 @@ Supported values: 0-100. The default is 70.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -500,7 +507,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -525,6 +532,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -548,11 +556,10 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
-
ADMX Info:
- GP Friendly name: *Specify the system hibernate timeout (plugged in)*
@@ -574,6 +581,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -620,6 +628,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -666,6 +675,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -727,6 +737,7 @@ The following are the supported lid close switch actions (on battery):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -788,6 +799,7 @@ The following are the supported lid close switch actions (plugged in):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -849,6 +861,7 @@ The following are the supported Power button actions (on battery):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -910,6 +923,7 @@ The following are the supported Power button actions (plugged in):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -971,6 +985,7 @@ The following are the supported Sleep button actions (on battery):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1032,6 +1047,7 @@ The following are the supported Sleep button actions (plugged in):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1080,6 +1096,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1103,7 +1120,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -1128,6 +1145,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1163,8 +1181,8 @@ ADMX Info:
The following are the supported values for Hybrid sleep (on battery):
-- 0 - no hibernation file for sleep (default)
-- 1 - hybrid sleep
+- 0 - no hibernation file for sleep (default).
+- 1 - hybrid sleep.
@@ -1186,6 +1204,7 @@ The following are the supported values for Hybrid sleep (on battery):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1221,8 +1240,8 @@ ADMX Info:
The following are the supported values for Hybrid sleep (plugged in):
-- 0 - no hibernation file for sleep (default)
-- 1 - hybrid sleep
+- 0 - no hibernation file for sleep (default).
+- 1 - hybrid sleep.
@@ -1244,6 +1263,7 @@ The following are the supported values for Hybrid sleep (plugged in):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1302,6 +1322,7 @@ Default value for unattended sleep timeout (on battery):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1353,3 +1374,6 @@ Default value for unattended sleep timeout (plugged in):
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 48b7f7722b..3fe4de393e 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - Printers
-
@@ -46,11 +45,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -105,7 +104,8 @@ manager: dansimp
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+
This policy will contain the comma-separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled.
The format of this setting is `/[,/]`
@@ -176,7 +176,8 @@ ADMX Info:
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+
This policy will contain the comma separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled.
The format of this setting is `/[,/]`
@@ -244,7 +245,8 @@ ADMX Info:
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+
This policy will control whether the print spooler will attempt to restrict printing as part of Device Control.
The default value of the policy will be Unconfigured.
@@ -253,7 +255,6 @@ If the policy value is either Unconfigured or Disabled, the print spooler won't
If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list.
-
@@ -320,7 +321,8 @@ ADMX Info:
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+
This policy will control whether the print spooler will attempt to restrict printing as part of Device Control.
The default value of the policy will be Unconfigured.
@@ -329,7 +331,6 @@ If the policy value is either Unconfigured or Disabled, the print spooler won't
If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list.
-
@@ -353,6 +354,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -382,9 +384,9 @@ If you don't configure this policy setting:
- Windows Vista client computers can point and print to any server.
-- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+- Windows Vista computers will show a warning and an elevated command prompt, when users create a printer connection to any server using Point and Print.
-- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+- Windows Vista computers will show a warning and an elevated command prompt, when an existing printer connection driver needs to be updated.
- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
@@ -392,9 +394,9 @@ If you disable this policy setting:
- Windows Vista client computers can create a printer connection to any server using Point and Print.
-- Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+- Windows Vista computers won't show a warning or an elevated command prompt, when users create a printer connection to any server using Point and Print.
-- Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+- Windows Vista computers won't show a warning or an elevated command prompt, when an existing printer connection driver needs to be updated.
- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
@@ -436,6 +438,7 @@ Data type: String Value:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -465,9 +468,9 @@ If you don't configure this policy setting:
- Windows Vista client computers can point and print to any server.
-- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+- Windows Vista computers will show a warning and an elevated command prompt, when users create a printer connection to any server using Point and Print.
-- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+- Windows Vista computers will show a warning and an elevated command prompt, when an existing printer connection driver needs to be updated.
- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
@@ -475,9 +478,9 @@ If you disable this policy setting:
- Windows Vista client computers can create a printer connection to any server using Point and Print.
-- Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+- Windows Vista computers won't show a warning or an elevated command prompt, when users create a printer connection to any server using Point and Print.
-- Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+- Windows Vista computers won't show a warning or an elevated command prompt, when an existing printer connection driver needs to be updated.
- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
@@ -505,6 +508,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -524,11 +528,12 @@ ADMX Info:
Determines whether the computer's shared printers can be published in Active Directory.
-If you enable this setting or don't configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory.
+If you enable this setting or don't configure it, users can use the "List in directory" option in the Printer's Properties' on the Sharing tab, to publish shared printers in Active Directory.
If you disable this setting, this computer's shared printers can't be published in Active Directory, and the "List in directory" option isn't available.
-Note: This setting takes priority over the setting "Automatically publish new printers in the Active Directory".
+> [!NOTE]
+> This setting takes priority over the setting "Automatically publish new printers in the Active Directory".
@@ -545,3 +550,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 0bcba72d88..6f984cad6c 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - Privacy
-
@@ -306,6 +305,7 @@ manager: dansimp
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -328,7 +328,6 @@ Allows or disallows the automatic acceptance of the pairing and privacy user con
> [!NOTE]
> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
-
Most restricted value is 0.
@@ -352,6 +351,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -402,6 +402,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -419,7 +420,7 @@ The following list shows the supported values:
-Updated in Windows 10, version 1809. This policy specifies whether users on the device have the option to enable online speech recognition. When enabled, users can use their voice for dictation and to talk to Cortana and other apps that use Microsoft cloud-based speech recognition. Microsoft will use voice input to help improve our speech services. If the policy value is set to 0, online speech recognition will be disabled and users cannot enable online speech recognition via settings. If policy value is set to 1 or is not configured, control is deferred to users.
+Updated in Windows 10, version 1809. This policy specifies whether users on the device have the option to enable online speech recognition. When enabled, users can use their voice for dictation, and talk to Cortana and other apps that use Microsoft cloud-based speech recognition. Microsoft will use voice input to help improve our speech services. If the policy value is set to 0, online speech recognition will be disabled and users cannot enable online speech recognition via settings. If policy value is set to 1 or is not configured, control is deferred to users.
Most restricted value is 0.
@@ -452,6 +453,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -503,6 +505,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -523,7 +526,8 @@ The following list shows the supported values:
Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.
-Value type is integer.
+Supported value type is integer.
+
- 0 (default) - Allow the "choose privacy settings for your device" screen for a new user during their first logon or when an existing user logs in for the first time after an upgrade.
- 1 - Do not allow the "choose privacy settings for your device" screen when a new user logs in or an existing user logs in for the first time after an upgrade.
@@ -560,6 +564,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -591,7 +596,7 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Disabled. Apps/OS can't publish the activities and roaming is disabled. (not published to the cloud).
+- 0 – Disabled. Apps/OS can't publish the activities and roaming is disabled (not published to the cloud).
- 1 – (default) Enabled. Apps/OS can publish the activities and will be roamed across device graph.
@@ -608,6 +613,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -627,7 +633,6 @@ The following list shows the supported values:
Specifies whether Windows apps can access account information.
-
Most restricted value is 2.
@@ -661,6 +666,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -703,6 +709,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -745,6 +752,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -787,6 +795,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -809,7 +818,7 @@ ADMX Info:
Specifies whether Windows apps can access the movement of the user's head, hands, motion controllers, and other tracked objects, while the apps are running in the background.
-Value type is integer.
+Supported value type is integer.
@@ -842,6 +851,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -864,7 +874,7 @@ The following list shows the supported values:
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.
-Value type is chr.
+Supported value type is chr.
@@ -892,6 +902,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -914,7 +925,7 @@ ADMX Info:
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.
-Value type is chr.
+Supported value type is chr.
@@ -942,6 +953,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -965,7 +977,7 @@ ADMX Info:
List of semi-colon delimited Package Family Names of Windows Store Apps.
The user is able to control the user movements privacy setting for the listed apps. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.
-Value type is chr.
+Supported value type is chr.
@@ -993,6 +1005,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1012,7 +1025,6 @@ ADMX Info:
Specifies whether Windows apps can access the calendar.
-
Most restricted value is 2.
@@ -1046,6 +1058,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1088,6 +1101,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1130,6 +1144,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1172,6 +1187,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1191,7 +1207,6 @@ ADMX Info:
Specifies whether Windows apps can access call history.
-
Most restricted value is 2.
@@ -1225,6 +1240,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1267,6 +1283,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1309,6 +1326,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1351,6 +1369,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1370,7 +1389,6 @@ ADMX Info:
Specifies whether Windows apps can access the camera.
-
Most restricted value is 2.
@@ -1404,6 +1422,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1446,6 +1465,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1488,6 +1508,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1530,6 +1551,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1549,7 +1571,6 @@ ADMX Info:
Specifies whether Windows apps can access contacts.
-
Most restricted value is 2.
@@ -1583,6 +1604,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1625,6 +1647,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1667,6 +1690,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1709,6 +1733,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1728,7 +1753,6 @@ ADMX Info:
Specifies whether Windows apps can access email.
-
Most restricted value is 2.
@@ -1762,6 +1786,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1804,6 +1829,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1846,6 +1872,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1888,6 +1915,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1921,6 +1949,7 @@ This policy setting specifies whether Windows apps can access the eye tracker.
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1954,6 +1983,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1987,6 +2017,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2020,6 +2051,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2039,7 +2071,6 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
Specifies whether Windows apps can access location.
-
Most restricted value is 2.
@@ -2073,6 +2104,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2115,6 +2147,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2157,6 +2190,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2199,6 +2233,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2218,7 +2253,6 @@ ADMX Info:
Specifies whether Windows apps can read or send messages (text or MMS).
-
Most restricted value is 2.
@@ -2252,6 +2286,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2294,6 +2329,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2336,6 +2372,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2378,6 +2415,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2397,7 +2435,6 @@ ADMX Info:
Specifies whether Windows apps can access the microphone.
-
Most restricted value is 2.
@@ -2431,6 +2468,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2473,6 +2511,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2515,6 +2554,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2557,6 +2597,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2576,7 +2617,6 @@ ADMX Info:
Specifies whether Windows apps can access motion data.
-
Most restricted value is 2.
@@ -2610,6 +2650,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2652,6 +2693,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2694,6 +2736,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2736,6 +2779,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2755,7 +2799,6 @@ ADMX Info:
Specifies whether Windows apps can access notifications.
-
Most restricted value is 2.
@@ -2789,6 +2832,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2831,6 +2875,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2873,6 +2918,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2915,6 +2961,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2934,7 +2981,6 @@ ADMX Info:
Specifies whether Windows apps can make phone calls.
-
Most restricted value is 2.
@@ -2968,6 +3014,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3010,6 +3057,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3052,6 +3100,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3094,6 +3143,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3113,7 +3163,6 @@ ADMX Info:
Specifies whether Windows apps have access to control radios.
-
Most restricted value is 2.
@@ -3147,6 +3196,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3189,6 +3239,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3231,6 +3282,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3273,6 +3325,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3315,6 +3368,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3357,6 +3411,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3399,6 +3454,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3441,6 +3497,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3460,7 +3517,6 @@ ADMX Info:
Specifies whether Windows apps can access trusted devices.
-
Most restricted value is 2.
@@ -3494,6 +3550,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3536,6 +3593,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3578,6 +3636,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3620,6 +3679,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3670,6 +3730,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3720,6 +3781,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3739,7 +3801,6 @@ The following list shows the supported values:
Force allow, force deny or give user control of apps that can get diagnostic information about other running apps.
-
Most restricted value is 2.
@@ -3773,6 +3834,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3815,6 +3877,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3857,6 +3920,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3899,6 +3963,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3918,8 +3983,8 @@ ADMX Info:
Specifies whether Windows apps can run in the background.
-
Most restricted value is 2.
+
> [!WARNING]
> Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly.
@@ -3954,6 +4019,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3996,6 +4062,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4013,7 +4080,7 @@ ADMX Info:
-List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability, to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
@@ -4038,6 +4105,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4080,6 +4148,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4099,7 +4168,6 @@ ADMX Info:
Specifies whether Windows apps can sync with devices.
-
Most restricted value is 2.
@@ -4133,6 +4201,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4175,6 +4244,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4217,6 +4287,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4259,6 +4330,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4276,7 +4348,7 @@ ADMX Info:
-Allows It Admins to enable publishing of user activities to the activity feed.
+Allows IT Admins to enable publishing of user activities to the activity feed.
@@ -4307,6 +4379,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4340,3 +4413,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index 64c53af12c..0faafb160a 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -52,6 +52,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,9 +72,9 @@ manager: dansimp
This policy setting lets you customize warning messages.
-The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before users share control of their computers.
+The "Display warning message before sharing control" policy setting allows you to specify a custom message, to display before users share control of their computers.
-The "Display warning message before connecting" policy setting allows you to specify a custom message to display before users allow a connection to their computers.
+The "Display warning message before connecting" policy setting allows you to specify a custom message, to display before users allow a connection to their computers.
If you enable this policy setting, the warning message you specify overrides the default message that is seen by the novice.
@@ -104,6 +105,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -152,6 +154,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -181,7 +184,7 @@ If you enable this policy setting, you have two ways to allow helpers to provide
The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open.
-The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting isn't available in Windows Vista since SMAPI is the only method supported.
+The "Select the method for sending email invitations" setting specifies which email standard to use, to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting isn't available in Windows Vista, since SMAPI is the only method supported.
If you enable this policy setting, you should also enable appropriate firewall exceptions to allow Remote Assistance communications.
@@ -208,6 +211,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -246,23 +250,24 @@ If you enable this policy setting, you should also enable firewall exceptions to
Windows Vista and later
Enable the Remote Assistance exception for the domain profile. The exception must contain:
-Port 135:TCP
-%WINDIR%\System32\msra.exe
-%WINDIR%\System32\raserver.exe
+
+- Port 135:TCP
+- %WINDIR%\System32\msra.exe
+- %WINDIR%\System32\raserver.exe
Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1)
-Port 135:TCP
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
-%WINDIR%\System32\Sessmgr.exe
+- Port 135:TCP
+- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
+- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
+- %WINDIR%\System32\Sessmgr.exe
For computers running Windows Server 2003 with Service Pack 1 (SP1)
-Port 135:TCP
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
-Allow Remote Desktop Exception
+- Port 135:TCP
+- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
+- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
+- Allow Remote Desktop Exception
@@ -278,3 +283,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md
index 7d2559655b..077e297205 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktop.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktop.md
@@ -41,6 +41,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -59,7 +60,7 @@ manager: dansimp
-This policy allows administrators to enable automatic subscription for the Microsoft Remote Desktop client. If you define this policy, the specified URL is used by the client to silently subscribe the logged on user and retrieve the remote resources assigned to them. To automatically subscribe to Azure Virtual Desktop in the Azure Public cloud, set the URL to `https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery`.
+This policy allows administrators to enable automatic subscription for the Microsoft Remote Desktop client. If you define this policy, the specified URL is used by the client to subscribe the logged on user and retrieve the remote resources assigned to them. To automatically subscribe to Azure Virtual Desktop in the Azure Public cloud, set the URL to `https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery`.
@@ -76,6 +77,7 @@ This policy allows administrators to enable automatic subscription for the Micro
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,7 +95,7 @@ This policy allows administrators to enable automatic subscription for the Micro
-This policy allows the user to load the DPAPI cred key from their user profile and decrypt any previously encrypted DPAPI data in the user profile or encrypt any new DPAPI data. This policy is needed when using FSLogix user profiles from Azure AD-joined VMs.
+This policy allows the user to load the DPAPI cred key from their user profile, and decrypt any previously encrypted DPAPI data in the user profile or encrypt any new DPAPI data. This policy is needed when using FSLogix user profiles from Azure AD-joined VMs.
@@ -111,3 +113,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 6519b2d40c..bc4a782639 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - RemoteDesktopServices
-
-
@@ -43,11 +41,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -60,6 +58,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -85,7 +84,8 @@ If you disable this policy setting, users can't connect remotely to the target c
If you don't configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections aren't allowed.
-Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication.
+> [!NOTE]
+> You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication.
You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.
@@ -112,6 +112,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -129,7 +130,7 @@ ADMX Info:
-Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you're using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) isn't recommended. This policy doesn't apply to SSL encryption.
+Specifies whether it require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you're using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) isn't recommended. This policy doesn't apply to SSL encryption.
If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available:
@@ -141,9 +142,8 @@ If you enable this policy setting, all communications between clients and RD Ses
If you disable or don't configure this setting, the encryption level to be used for remote connections to RD Session Host servers isn't enforced through Group Policy.
-Important
-
-FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption.
+> [!IMPORTANT]
+> FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level, when communications between clients and RD Session Host servers requires the highest level of encryption.
@@ -168,6 +168,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -218,6 +219,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -264,6 +266,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -316,6 +319,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -343,7 +347,8 @@ If the status is set to Disabled, Remote Desktop Services always requests securi
If the status is set to Not Configured, unsecured communication is allowed.
-Note: The RPC interface is used for administering and configuring Remote Desktop Services.
+> [!NOTE]
+> The RPC interface is used for administering and configuring Remote Desktop Services.
@@ -360,3 +365,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index a0059027d9..82936149da 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - RemoteManagement
-
-
@@ -70,11 +68,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -87,6 +85,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -133,6 +132,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -179,6 +179,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,6 +226,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -271,6 +273,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -330,6 +333,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -376,6 +380,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -422,6 +427,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -468,6 +474,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -514,6 +521,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -560,6 +568,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -579,7 +588,7 @@ ADMX Info:
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service won't allow RunAs credentials to be stored for any plug-ins.
-If you enable this policy setting, the WinRM service won't allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer.
+If you enable this policy setting, the WinRM service won't allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer.
If you disable or don't configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely.
@@ -608,6 +617,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -660,6 +670,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -677,9 +688,9 @@ ADMX Info:
-This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity.
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine, if the destination host is a trusted entity.
-If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when HTTPS or Kerberos is used to authenticate the identity of the host.
+If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine, if the destination host is a trusted entity. The WinRM client uses this list when HTTPS or Kerberos is used to authenticate the identity of the host.
If you disable or don't configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.
@@ -706,6 +717,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -756,6 +768,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -798,3 +811,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index c2235cdbb4..29a499d619 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - RemoteProcedureCall
-
@@ -30,11 +29,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -47,6 +46,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,15 +64,16 @@ manager: dansimp
-This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they're making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner.
+This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service, when the call they're making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner.
If you disable this policy setting, RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.
-If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls won't be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
+If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls won't be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
-If you don't configure this policy setting, it remains disabled. RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
+If you don't configure this policy setting, it remains disabled. RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
-Note: This policy won't be applied until the system is rebooted.
+> [!NOTE]
+> This policy won't be applied until the system is rebooted.
@@ -97,6 +98,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,13 +116,13 @@ ADMX Info:
-This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
+This policy setting controls, how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
-This policy setting impacts all RPC applications. In a domain environment, this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.
+This policy setting impacts all RPC applications. In a domain environment, this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.
If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting.
-If you don't configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting.
+If you don't configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client, and the value of "None" used for Server SKUs that support this policy setting.
If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.
@@ -128,7 +130,7 @@ If you enable this policy setting, it directs the RPC server runtime to restrict
- "Authenticated" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them.
-- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed.
+- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed.
> [!NOTE]
> This policy setting won't be applied until the system is rebooted.
@@ -148,3 +150,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index 25abffed2e..9596508d36 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - RemoteShell
-
@@ -45,11 +44,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -62,6 +61,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -108,6 +108,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -127,7 +128,7 @@ ADMX Info:
This policy setting configures the maximum number of users able to concurrently perform remote shell operations on the system.
-The value can be any number from 1 to 100.
+The value can be any number from 1 to 100.
If you enable this policy setting, the new shell connections are rejected if they exceed the specified limit.
@@ -156,6 +157,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -173,7 +175,7 @@ ADMX Info:
-This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted.
+This policy setting configures the maximum time in milliseconds, and remote shell will stay open without any user activity until it is automatically deleted.
Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for smaller values.
@@ -204,6 +206,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -252,6 +255,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -273,7 +277,7 @@ This policy setting configures the maximum number of processes a remote shell is
If you enable this policy setting, you can specify any number from 0 to 0x7FFFFFFF to set the maximum number of process per shell. Zero (0) means unlimited number of processes.
-If you disable or do not configure this policy setting, the limit is five processes per shell.
+If you disable or do not configure this policy setting, the limit is five processes per shell.
@@ -298,6 +302,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -315,7 +320,7 @@ ADMX Info:
-This policy setting configures the maximum number of concurrent shells any user can remotely open on the same system.
+This policy setting configures the maximum number of concurrent shells and any user can remotely open on the same system.
Any number from 0 to 0x7FFFFFFF can be set, where 0 means unlimited number of shells.
@@ -346,6 +351,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -380,3 +386,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index 4c77b145dc..74e05f8d7b 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -15,7 +15,7 @@ manager: dansimp
# Policy CSP - RestrictedGroups
> [!IMPORTANT]
-> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
+> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy, to configure members (users or Azure Active Directory groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
@@ -41,6 +41,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,7 @@ manager: dansimp
This security setting allows an administrator to define the members that are part of a security-sensitive (restricted) group. When a Restricted Groups policy is enforced, any current member of a restricted group that is not on the Members list is removed, except for the built-in administrator in the built-in Administrators group. Any user on the Members list who is not currently a member of the restricted group is added. An empty Members list means that the restricted group has no members. The membership configuration is based on SIDS, therefore renaming these built-in groups does not affect retention of this special membership.
-For example, you can create a Restricted Groups policy to allow only specified users, Alice and John, to be members of the Backup Operators group. When this policy is refreshed, only Alice and John will remain as members of the Backup Operators group and all other members will be removed.
+For example, you can create a Restricted Groups policy to allow only specified users. Alice and John, to be members of the Backup Operators group. When this policy is refreshed, only Alice and John will remain as members of the Backup Operators group, and all other members will be removed.
> [!CAUTION]
> Attempting to remove the built-in administrator from the Administrators group will result in failure with the following error:
@@ -69,7 +70,7 @@ For example, you can create a Restricted Groups policy to allow only specified u
> |----------|----------|----------|----------|
> | 0x55b (Hex) 1371 (Dec) |ERROR_SPECIAL_ACCOUNT|Cannot perform this operation on built-in accounts.| winerror.h |
-Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of zero members when applying the policy implies clearing the access group and should be used with caution.
+Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of zero members when applying the policy implies clearing the access group, and should be used with caution.
```xml
@@ -152,7 +153,7 @@ The following table describes how this policy setting behaves in different Windo
| ------------------ | --------------- |
|Windows 10, version 1803 | Added this policy setting. XML accepts group and member only by name. Supports configuring the administrators group using the group name. Expects member name to be in the account name format. |
| Windows 10, version 1809 Windows 10, version 1903 Windows 10, version 1909 | Supports configuring any local group. `` accepts only name. `` accepts a name or an SID. This is useful when you want to ensure a certain local group always has a well-known SID as member. |
-| Windows 10, version 2004 | Behaves as described in this topic. Accepts name or SID for group and members and translates as appropriate. |
+| Windows 10, version 2004 | Behaves as described in this topic. Accepts name or SID for group and members and translates as appropriate.|
@@ -160,3 +161,7 @@ The following table describes how this policy setting behaves in different Windo
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index b56f078278..6c61c3e748 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -80,6 +80,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -97,7 +98,7 @@ manager: dansimp
-Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
+Allow Search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
@@ -129,6 +130,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -160,7 +162,7 @@ ADMX Info:
-This value is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an AAD account.
+This value is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an Azure Active Directory account.
@@ -177,6 +179,7 @@ This value is a simple boolean value, default false, that can be set by MDM poli
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -231,6 +234,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -250,9 +254,9 @@ The following list shows the supported values:
Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files.
-When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified.
+When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes file path and date modified.
-When the policy is disabled, the WIP protected items aren't indexed and don't show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are many WIP-protected media files on the device.
+When the policy is disabled, the WIP protected items aren't indexed and don't show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps, if there are many WIP-protected media files on the device.
Most restricted value is 0.
@@ -285,6 +289,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -335,6 +340,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -357,7 +363,6 @@ This policy controls whether search highlights are shown in the search box or in
- If you enable this policy setting, then this setting turns on search highlights in the search box or in the search home.
- If you disable this policy setting, then this setting turns off search highlights in the search box or in the search home.
-
ADMX Info:
@@ -369,11 +374,13 @@ ADMX Info:
The following list shows the supported values in Windows 10:
-- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the taskbar search box and in search home.
+
+- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the taskbar search box and in search home.
- Disabled – Disabling this setting turns off search highlights in the taskbar search box and in search home.
The following list shows the supported values in Windows 11:
+
- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the start menu search box and in search home.
- Disabled – Disabling this setting turns off search highlights in the start menu search box and in search home.
@@ -403,6 +410,7 @@ This policy has been deprecated.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -422,7 +430,6 @@ This policy has been deprecated.
Allows the use of diacritics.
-
Most restricted value is 0.
@@ -454,6 +461,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -471,7 +479,7 @@ The following list shows the supported values:
-Allow Windows indexer. Value type is integer.
+Allow Windows indexer. Supported value type is integer.
@@ -487,6 +495,7 @@ Allow Windows indexer. Value type is integer.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -506,7 +515,6 @@ Allow Windows indexer. Value type is integer.
Specifies whether to always use automatic language detection when indexing content and properties.
-
Most restricted value is 0.
@@ -538,6 +546,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -586,6 +595,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -638,6 +648,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -659,9 +670,9 @@ Don't search the web or display web results in Search, or show search highlights
This policy setting allows you to control whether or not Search can perform queries on the web, if web results are displayed in Search, and if search highlights are shown in the search box and in search home.
-- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
+- If you enable this policy setting, queries won't be performed on the web. Web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
-- If you disable this policy setting, queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
+- If you disable this policy setting, queries will be performed on the web. Web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
@@ -675,8 +686,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 - Not allowed. Queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
-- 1 (default) - Allowed. Queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
+- 0 - Not allowed. Queries won't be performed on the web. Web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
+- 1 (default) - Allowed. Queries will be performed on the web. Web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
@@ -692,6 +703,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -711,7 +723,7 @@ The following list shows the supported values:
Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1.
-Enable this policy if computers in your environment have limited hard drive space.
+Enable this policy, if computers in your environment have limited hard drive space.
When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size.
@@ -744,6 +756,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -786,3 +799,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index dcf870fbf8..7399515109 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - Security
-
@@ -53,7 +52,6 @@ manager: dansimp
-
@@ -65,6 +63,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -127,6 +126,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -167,6 +167,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -185,7 +186,7 @@ The following list shows the supported values:
-Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
+Admin access is required. The prompt will appear on first admin logon after a reboot, when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
@@ -200,7 +201,7 @@ ADMX Info:
The following list shows the supported values:
- 0 (default) – Won't force recovery from a non-ready TPM state.
-- 1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
+- 1 – Will prompt to clear the TPM, if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
@@ -216,6 +217,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -242,9 +244,9 @@ Configures the use of passwords for Windows features.
The following list shows the supported values:
-- 0 -Disallow passwords (Asymmetric credentials will be promoted to replace passwords on Windows features)
-- 1- Allow passwords (Passwords continue to be allowed to be used for Windows features)
-- 2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords")
+- 0 -Disallow passwords (Asymmetric credentials will be promoted to replace passwords on Windows features).
+- 1- Allow passwords (Passwords continue to be allowed to be used for Windows features).
+- 2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords").
@@ -260,6 +262,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -303,6 +306,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -324,9 +328,10 @@ The following list shows the supported values:
This policy controls the Admin Authentication requirement in RecoveryEnvironment.
Supported values:
-- 0 - Default: Keep using default(current) behavior
-- 1 - RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment
-- 2 - NoRequireAuthentication: Admin Authentication isn't required for components in RecoveryEnvironment
+
+- 0 - Default: Keep using default(current) behavior.
+- 1 - RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment.
+- 2 - NoRequireAuthentication: Admin Authentication isn't required for components in RecoveryEnvironment.
@@ -374,6 +379,7 @@ If the MDM policy is set to "NoRequireAuthentication" (2)
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -393,7 +399,6 @@ If the MDM policy is set to "NoRequireAuthentication" (2)
Allows enterprise to turn on internal storage encryption.
-
Most restricted value is 1.
> [!IMPORTANT]
@@ -420,6 +425,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -460,6 +466,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -477,8 +484,7 @@ The following list shows the supported values:
-Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots.
-
+Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS), when a device boots or reboots.
Setting this policy to 1 (Required):
@@ -488,7 +494,6 @@ Setting this policy to 1 (Required):
> [!NOTE]
> We recommend that this policy is set to Required after MDM enrollment.
-
Most restricted value is 1.
@@ -504,3 +509,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index 118dd3a3a7..55e1034d36 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -12,8 +12,6 @@ ms.date: 09/27/2019
# Policy CSP - ServiceControlManager
-
-
@@ -25,7 +23,6 @@ ms.date: 09/27/2019
-
@@ -37,6 +34,7 @@ ms.date: 09/27/2019
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -67,11 +65,11 @@ If you disable or do not configure this policy setting, the stricter security se
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -96,3 +94,7 @@ Supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 1b0e0f8bc4..1b3303cfb8 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -64,7 +64,6 @@ manager: dansimp
-
@@ -76,6 +75,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -120,6 +120,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -163,6 +164,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,7 +251,7 @@ This policy disables edit device name option on Settings.
-Describes what values are supported in by this policy and meaning of each value, default value.
+Describes what values are supported in/by this policy and meaning of each value, and default value.
@@ -265,6 +267,7 @@ Describes what values are supported in by this policy and meaning of each value,
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -306,6 +309,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -350,6 +354,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -391,6 +396,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -432,6 +438,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -473,6 +480,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -513,6 +521,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -554,6 +563,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -594,6 +604,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -611,7 +622,7 @@ The following list shows the supported values:
-Allows IT Admins to configure the default setting for showing more calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. Other supported calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
+Allows IT Admins to configure the default setting for showing more calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. Other supported calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
@@ -644,6 +655,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -664,21 +676,21 @@ The following list shows the supported values:
Allows IT Admins to either:
-- Prevent specific pages in the System Settings app from being visible or accessible
+- Prevent specific pages in the System Settings app from being visible or accessible.
OR
-- To do so for all pages except the pages you enter
+- To do so for all pages except the pages you enter.
The mode will be specified by the policy string beginning with either the string `showonly:` or `hide:`. Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix.
-For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For more information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
+For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For more information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
The following example shows a policy that allows access only to the **about** and **bluetooth** pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively:
`showonly:about;bluetooth`
-If the policy isn't specified, then the behavior is that no pages are affected. If the policy string is formatted incorrectly, then it's ignored (that is, treated as not set). It's ignored to prevent the machine from becoming unserviceable if data corruption occurs. If a page is already hidden for another reason, then it stays hidden, even if the page is in a `showonly:` list.
+If the policy isn't specified, then the behavior is that no pages are affected. If the policy string is formatted incorrectly, then it's ignored (that is, treated as not set). It's ignored to prevent the machine from becoming unserviceable, if data corruption occurs. If a page is already hidden for another reason, then it stays hidden, even if the page is in a `showonly:` list.
The format of the PageVisibilityList value is as follows:
@@ -721,3 +733,6 @@ To validate on Desktop, use the following steps:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index 5da64f872e..cb36588175 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -44,6 +44,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -95,6 +96,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -143,6 +145,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index fe81410adf..f46af42add 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - Speech
-
@@ -26,7 +25,6 @@ manager: dansimp
-
@@ -38,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -79,3 +78,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index f760f05bc0..3eacbd485d 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - Start
-
@@ -119,18 +118,19 @@ manager: dansimp
-
**Start/AllowPinnedFolderDocuments**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,7 +156,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -167,11 +167,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderDownloads**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -197,7 +199,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -208,11 +210,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderFileExplorer**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -238,7 +242,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -249,11 +253,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderHomeGroup**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -279,7 +285,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -290,11 +296,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderMusic**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -320,7 +328,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -331,11 +339,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderNetwork**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -361,7 +371,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -372,11 +382,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderPersonalFolder**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -402,7 +414,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -413,11 +425,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderPictures**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -443,7 +457,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -454,11 +468,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderSettings**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -484,7 +500,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -495,11 +511,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderVideos**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -525,7 +543,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -597,11 +615,13 @@ This string policy will take a JSON file (expected name LayoutModification.json)
**Start/DisableContextMenus**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -652,11 +672,13 @@ The following list shows the supported values:
**Start/ForceStartSize**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -678,7 +700,6 @@ The following list shows the supported values:
Forces the start screen size.
-
If there's policy configuration conflict, the latest configuration request is applied to the device.
@@ -698,11 +719,13 @@ The following list shows the supported values:
**Start/HideAppList**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -729,10 +752,9 @@ Allows IT Admins to configure Start by collapsing or removing the all apps list.
> [!Note]
> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
-
To validate on Desktop, do the following steps:
-- 1 - Enable policy and restart explorer.exe
+- 1 - Enable policy and restart explorer.exe.
- 2a - If set to '1': Verify that the all apps list is collapsed, and that the Settings toggle isn't grayed out.
- 2b - If set to '2': Verify that the all apps list is collapsed, and that the Settings toggle is grayed out.
- 2c - If set to '3': Verify that there's no way of opening the all apps list from Start, and that the Settings toggle is grayed out.
@@ -755,11 +777,13 @@ The following list shows the supported values:
**Start/HideChangeAccountSettings**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -802,11 +826,13 @@ To validate on Desktop, do the following steps:
**Start/HideFrequentlyUsedApps**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -844,8 +870,8 @@ To validate on Desktop, do the following steps:
1. Enable "Show most used apps" in the Settings app.
2. Use some apps to get them into the most used group in Start.
3. Enable policy.
-4. Restart explorer.exe
-5. Check that "Show most used apps" Settings toggle is grayed out.
+4. Restart explorer.exe.
+5. Check that "Show most used apps" Settings toggle is grayed out.
6. Check that most used apps don't appear in Start.
@@ -857,11 +883,13 @@ To validate on Desktop, do the following steps:
**Start/HideHibernate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -881,7 +909,6 @@ To validate on Desktop, do the following steps:
Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button.
-
> [!NOTE]
> This policy can only be verified on laptops as "Hibernate" doesn't appear on regular PC's.
@@ -908,11 +935,13 @@ To validate on Laptop, do the following steps:
**Start/HideLock**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -955,11 +984,13 @@ To validate on Desktop, do the following steps:
**Start/HidePeopleBar**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -979,7 +1010,7 @@ To validate on Desktop, do the following steps:
Enabling this policy removes the people icon from the taskbar and the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
-Value type is integer.
+Supported value type is integer.
@@ -1005,11 +1036,13 @@ The following list shows the supported values:
**Start/HidePowerButton**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1055,11 +1088,13 @@ To validate on Desktop, do the following steps:
**Start/HideRecentJumplists**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1098,7 +1133,7 @@ To validate on Desktop, do the following steps:
3. Right click the pinned photos app and verify that a jump list of recently opened items pops up.
4. Toggle "Show recently opened items in Jump Lists on Start of the taskbar" in Settings to clear jump lists.
5. Enable policy.
-6. Restart explorer.exe
+6. Restart explorer.exe.
7. Check that Settings toggle is grayed out.
8. Repeat Step 2.
9. Right Click pinned photos app and verify that there's no jump list of recent items.
@@ -1112,11 +1147,13 @@ To validate on Desktop, do the following steps:
**Start/HideRecentlyAddedApps**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1162,7 +1199,7 @@ To validate on Desktop, do the following steps:
1. Enable "Show recently added apps" in the Settings app.
2. Check if there are recently added apps in Start (if not, install some).
3. Enable policy.
-4. Restart explorer.exe
+4. Restart explorer.exe.
5. Check that "Show recently added apps" Settings toggle is grayed out.
6. Check that recently added apps don't appear in Start.
@@ -1175,11 +1212,13 @@ To validate on Desktop, do the following steps:
**Start/HideRestart**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1222,11 +1261,13 @@ To validate on Desktop, do the following steps:
**Start/HideShutDown**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1269,11 +1310,13 @@ To validate on Desktop, do the following steps:
**Start/HideSignOut**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1316,11 +1359,13 @@ To validate on Desktop, do the following steps:
**Start/HideSleep**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1363,11 +1408,13 @@ To validate on Desktop, do the following steps:
**Start/HideSwitchAccount**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1410,11 +1457,13 @@ To validate on Desktop, do the following steps:
**Start/HideUserTile**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1461,11 +1510,13 @@ To validate on Desktop, do the following steps:
**Start/ImportEdgeAssets**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1497,16 +1548,16 @@ Here's more SKU support information:
This policy imports Edge assets (for example, .png/.jpg files) for secondary tiles into its local app data path, which allows the StartLayout policy to pin Edge secondary tiles as weblink that ties to the image asset files.
> [!IMPORTANT]
-> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy.
+> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy, whenever there are Edge secondary tiles to be pinned from StartLayout policy.
-The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](/windows/configuration/start-secondary-tiles).
+The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](/windows/configuration/start-secondary-tiles).
To validate on Desktop, do the following steps:
1. Set policy with an XML for Edge assets.
-2. Set StartLayout policy to anything so that it would trigger the Edge assets import.
+2. Set StartLayout policy to anything so that would trigger the Edge assets import.
3. Sign out/in.
4. Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path.
@@ -1519,11 +1570,13 @@ To validate on Desktop, do the following steps:
**Start/NoPinningToTaskbar**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1541,7 +1594,7 @@ To validate on Desktop, do the following steps:
-Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar.
+Allows IT Admins to configure the taskbar by disabling, pinning, and unpinning apps on the taskbar.
@@ -1565,7 +1618,6 @@ To validate on Desktop, do the following steps:
-
**Start/ShowOrHideMostUsedApps**
@@ -1622,9 +1674,9 @@ To validate on Desktop, do the following steps:
The following list shows the supported values:
-- 1 - Force showing of Most Used Apps in Start Menu, user can't change in Settings
-- 0 - Force hiding of Most Used Apps in Start Menu, user can't change in Settings
-- Not set - User can use Settings to hide or show Most Used Apps in Start Menu
+- 1 - Force showing of Most Used Apps in Start Menu, user can't change in Settings.
+- 0 - Force hiding of Most Used Apps in Start Menu, user can't change in Settings.
+- Not set - User can use Settings to hide or show Most Used Apps in Start Menu.
On clean install, the user setting defaults to "hide".
@@ -1638,11 +1690,13 @@ On clean install, the user setting defaults to "hide".
**Start/StartLayout**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1672,7 +1726,7 @@ Here's more SKU support information:
|Windows 10, version 1607 and later |Enterprise, Education, Business |
|Windows 10, version 1709 and later |Enterprise, Education, Business, Pro, ProEducation, S, ProWorkstation |
-Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy
+Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy.
For more information on how to customize the Start layout, see [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](/windows/configuration/configure-windows-10-taskbar).
@@ -1689,3 +1743,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index 383f6aedfb..a9e43b4855 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - Storage
-
@@ -65,18 +64,19 @@ manager: dansimp
-
**Storage/AllowDiskHealthModelUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,7 +96,7 @@ manager: dansimp
Allows disk health model updates.
-Value type is integer.
+Supported value type is integer.
@@ -122,16 +122,19 @@ The following list shows the supported values:
**Storage/AllowStorageSenseGlobal**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -146,7 +149,7 @@ Note: Versions prior to version 1903 don't support group policy.
-Storage Sense can automatically clean some of the user’s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space and is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the Storage/ConfigStorageSenseGlobalCadence group policy.
+Storage Sense can automatically clean some of the user’s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space, and it is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the Storage/ConfigStorageSenseGlobalCadence group policy.
If you enable this policy setting without setting a cadence, Storage Sense is turned on for the machine with the default cadence of "during low free disk space." Users can't disable Storage Sense, but they can adjust the cadence (unless you also configure the Storage/ConfigStorageSenseGlobalCadence group policy).
@@ -179,16 +182,19 @@ ADMX Info:
**Storage/AllowStorageSenseTemporaryFilesCleanup**
+Versions prior to version 1903 don't support group policy.
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -239,16 +245,19 @@ ADMX Info:
**Storage/ConfigStorageSenseCloudContentDehydrationThreshold**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -299,16 +308,19 @@ ADMX Info:
**Storage/ConfigStorageSenseDownloadsCleanupThreshold**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -359,16 +371,19 @@ ADMX Info:
**Storage/ConfigStorageSenseGlobalCadence**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -425,16 +440,19 @@ ADMX Info:
**Storage/ConfigStorageSenseRecycleBinCleanupThreshold**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -485,11 +503,13 @@ ADMX Info:
**Storage/EnhancedStorageDevices**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -509,17 +529,17 @@ ADMX Info:
This policy setting configures whether or not Windows will activate an Enhanced Storage device.
-If you enable this policy setting, Windows won't activate unactivated Enhanced Storage devices.
+If you enable this policy setting, Windows won't activate un-activated Enhanced Storage devices.
-If you disable or don't configure this policy setting, Windows will activate unactivated Enhanced Storage devices.
+If you disable or don't configure this policy setting, Windows will activate un-activated Enhanced Storage devices.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -537,11 +557,13 @@ ADMX Info:
**Storage/RemovableDiskDenyWriteAccess**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -564,7 +586,7 @@ If you enable this policy setting, write access is denied to this removable stor
> [!Note]
> To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
-Supported values:
+Supported values for this policy are:
- 0 - Disable
- 1 - Enable
@@ -597,11 +619,13 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin
**Storage/WPDDevicesDenyReadAccessPerDevice**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -621,16 +645,16 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin
This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
-- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
-- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
-- Mass Storage Class (MSC) over USB
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth.
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth.
+- Mass Storage Class (MSC) over USB.
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this policy will block end-user from Read access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
-> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, for example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer.
Supported values for this policy are:
- Not configured
@@ -659,11 +683,13 @@ ADMX Info:
**Storage/WPDDevicesDenyReadAccessPerUser**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -683,16 +709,16 @@ ADMX Info:
This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
-- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
-- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
-- Mass Storage Class (MSC) over USB
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth.
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth.
+- Mass Storage Class (MSC) over USB.
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this policy will block end-user from Read access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
-> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer.
Supported values for this policy are:
- Not configured
@@ -721,11 +747,13 @@ ADMX Info:
**Storage/WPDDevicesDenyWriteAccessPerDevice**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -745,16 +773,16 @@ ADMX Info:
This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
-- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
-- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
-- Mass Storage Class (MSC) over USB
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth.
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth.
+- Mass Storage Class (MSC) over USB.
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this policy will block end-user from Write access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
-> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer.
Supported values for this policy are:
- Not configured
@@ -783,11 +811,13 @@ ADMX Info:
**Storage/WPDDevicesDenyWriteAccessPerUser**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -807,16 +837,16 @@ ADMX Info:
This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
-- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
-- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
-- Mass Storage Class (MSC) over USB
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth.
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth.
+- Mass Storage Class (MSC) over USB.
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this policy will block end-user from Write access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
-> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer.
Supported values for this policy are:
- Not configured
@@ -846,16 +876,19 @@ ADMX Info:
**StorageHealthMonitor/DisableStorageHealthMonitor**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to 21H2 will not support this policy
+> [!NOTE]
+> Versions prior to 21H2 will not support this policy
@@ -872,15 +905,15 @@ Note: Versions prior to 21H2 will not support this policy
Allows disable of Storage Health Monitor.
-Value type is integer.
+Supported value type is integer.
The following list shows the supported values:
-- 0 - Storage Health Monitor is Enabled
-- 1 - Storage Health Monitor is Disabled
+- 0 - Storage Health Monitor is Enabled.
+- 1 - Storage Health Monitor is Disabled.
@@ -889,3 +922,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index a2830db2e2..b44458dd98 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - System
-
-
@@ -118,11 +116,13 @@ manager: dansimp
**System/AllowBuildPreview**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -171,11 +171,13 @@ The following list shows the supported values:
**System/AllowCommercialDataPipeline**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -192,12 +194,12 @@ The following list shows the supported values:
-This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
+This policy setting configures an Azure Active Directory-joined device, so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
To enable this behavior, you must complete two steps:
- 1. Enable this policy setting
- 2. Join an Azure Active Directory account to the device
+ 1. Enable this policy setting.
+ 2. Join an Azure Active Directory account to the device.
Windows diagnostic data is collected when the Allow Telemetry policy setting is set to 1 – **Required (Basic)** or above.
@@ -244,11 +246,11 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
To enable this behavior, you must complete three steps:
- 1. Enable this policy setting
- 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
- 3. Set the Configure the Commercial ID setting for your Desktop Analytics workspace
+ 1. Enable this policy setting.
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above.
+ 3. Set the Configure the Commercial ID setting for your Desktop Analytics workspace.
-This setting has no effect on devices unless they're properly enrolled in Desktop Analytics.
+This setting has no effect on devices, unless they're properly enrolled in Desktop Analytics.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -268,11 +270,13 @@ The following list shows the supported values:
**System/AllowDeviceNameInDiagnosticData**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -289,7 +293,7 @@ The following list shows the supported values:
-This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data.
+This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data.
@@ -322,11 +326,13 @@ The following list shows the supported values:
**System/AllowEmbeddedMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -363,11 +369,13 @@ The following list shows the supported values:
**System/AllowExperimentation**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -389,7 +397,6 @@ The following list shows the supported values:
This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior.
-
Most restricted value is 0.
@@ -409,11 +416,13 @@ The following list shows the supported values:
**System/AllowFontProviders**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -451,8 +460,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 - false - No traffic to fs.microsoft.com and only locally installed fonts are available.
-- 1 - true (default) - There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them.
+- 0 - false - No traffic to fs.microsoft.com, and only locally installed fonts are available.
+- 1 - true (default) - There may be network traffic to fs.microsoft.com, and downloadable fonts are available to apps that support them.
@@ -469,11 +478,13 @@ To verify if System/AllowFontProviders is set to true:
**System/AllowLocation**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -492,7 +503,6 @@ To verify if System/AllowFontProviders is set to true:
Specifies whether to allow app access to the Location service.
-
Most restricted value is 0.
While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy.
@@ -527,11 +537,11 @@ The following list shows the supported values:
-This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data.
+This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data.
For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data).
-This setting has no effect on devices unless they're properly enrolled in Microsoft Managed Desktop.
+This setting has no effect on devices, unless they're properly enrolled in Microsoft Managed Desktop.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -546,11 +556,13 @@ If you disable this policy setting, devices may not appear in Microsoft Managed
**System/AllowStorageCard**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -575,7 +587,7 @@ Most restricted value is 0.
The following list shows the supported values:
-- 0 – SD card use isn't allowed and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card.
+- 0 – SD card use isn't allowed, and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card.
- 1 (default) – Allow a storage card.
@@ -587,11 +599,13 @@ The following list shows the supported values:
**System/AllowTelemetry**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -618,7 +632,6 @@ The following list shows the supported values for Windows 8.1:
- 1 – Allowed, except for Secondary Data Requests.
- 2 (default) – Allowed.
-
In Windows 10, you can configure this policy setting to decide what level of diagnostic data to send to Microsoft.
The following list shows the supported values for Windows 10 version 1809 and older, choose the value that is applicable to your OS version (older OS values are displayed in the brackets):
@@ -657,11 +670,13 @@ ADMX Info:
**System/AllowUpdateComplianceProcessing**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -683,9 +698,9 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
To enable this behavior, you must complete three steps:
- 1. Enable this policy setting
- 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
- 3. Set the Configure the Commercial ID setting for your Update Compliance workspace
+ 1. Enable this policy setting.
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above.
+ 3. Set the Configure the Commercial ID setting for your Update Compliance workspace.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -716,11 +731,13 @@ The following list shows the supported values:
**System/AllowUserToResetPhone**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -761,13 +778,13 @@ The following list shows the supported values:
-This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
+This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
To enable this behavior, you must complete three steps:
- 1. Enable this policy setting
- 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
- 3. Join an Azure Active Directory account to the device
+ 1. Enable this policy setting.
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above.
+ 3. Join an Azure Active Directory account to the device.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -788,11 +805,13 @@ The following list shows the supported values:
**System/BootStartDriverInitialization**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -815,19 +834,19 @@ This policy setting allows you to specify which boot-start drivers are initializ
- Bad, but required for boot: The driver has been identified as malware, but the computer can't successfully boot without loading this driver.
- Unknown: This driver hasn't been attested to by your malware detection application and hasn't been classified by the Early Launch Antimalware boot-start driver.
-If you enable this policy setting, you'll be able to choose which boot-start drivers to initialize the next time the computer is started.
+If you enable this policy setting, you'll be able to choose which boot-start drivers to initialize next time the computer is started.
-If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.
+If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown, or Bad, but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.
If your malware detection application doesn't include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -845,11 +864,13 @@ ADMX Info:
**System/ConfigureMicrosoft365UploadEndpoint**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -872,7 +893,7 @@ If your organization is participating in the program and has been instructed to
The value for this setting will be provided by Microsoft as part of the onboarding process for the program.
-Value type is string.
+Supported value type is string.
ADMX Info:
@@ -900,11 +921,13 @@ ADMX Info:
**System/ConfigureTelemetryOptInChangeNotification**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -922,8 +945,9 @@ ADMX Info:
This policy setting determines whether a device shows notifications about telemetry levels to people on first sign in or when changes occur in Settings.
-If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing.
-If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first sign in and when changes occur in Settings.
+
+- If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing.
+- If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first sign in and when changes occur in Settings.
@@ -948,11 +972,13 @@ The following list shows the supported values:
**System/ConfigureTelemetryOptInSettingsUx**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1001,11 +1027,13 @@ The following list shows the supported values:
**System/DisableDeviceDelete**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1023,8 +1051,9 @@ The following list shows the supported values:
This policy setting controls whether the Delete diagnostic data button is enabled in Diagnostic & Feedback Settings page.
-If you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device.
-If you disable or don't configure this policy setting, the Delete diagnostic data button will be enabled in Settings page, which allows people to erase all diagnostic data collected by Microsoft from that device.
+
+- If you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device.
+- If you disable or don't configure this policy setting, the Delete diagnostic data button will be enabled in Settings page, which allows people to erase all diagnostic data collected by Microsoft from that device.
@@ -1053,11 +1082,13 @@ ADMX Info:
**System/DisableDiagnosticDataViewer**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1075,8 +1106,9 @@ ADMX Info:
This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page.
-If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device.
-If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page.
+
+- If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device.
+- If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page.
@@ -1105,11 +1137,13 @@ ADMX Info:
**System/DisableEnterpriseAuthProxy**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1126,7 +1160,7 @@ ADMX Info:
-This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or don't configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
+This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy, to send data back to Microsoft on Windows 10. If you disable or don't configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy, to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
@@ -1146,11 +1180,13 @@ ADMX Info:
**System/DisableOneDriveFileSync**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1209,11 +1245,13 @@ To validate on Desktop, do the following steps:
**System/DisableSystemRestore**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1236,19 +1274,19 @@ This policy setting allows you to turn off System Restore.
System Restore enables users, in case of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.
-If you enable this policy setting, System Restore is turned off, and the System Restore Wizard can't be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.
+If you enable this policy setting, System Restore is turned off, then System Restore Wizard can't be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.
-If you disable or don't configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.
+If you disable or don't configure this policy setting, users can perform System Restore, and configure System Restore settings through System Protection.
Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1266,11 +1304,13 @@ ADMX Info:
**System/FeedbackHubAlwaysSaveDiagnosticsLocally**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1305,11 +1345,13 @@ The following list shows the supported values:
**System/LimitDiagnosticLogCollection**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1326,7 +1368,7 @@ The following list shows the supported values:
-This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It's sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for more data collection.
+This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It's sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for more data collection.
If you disable or don't configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data.
@@ -1354,11 +1396,13 @@ The following list shows the supported values:
**System/LimitDumpCollection**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1375,7 +1419,7 @@ The following list shows the supported values:
-This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data.
+This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data.
With this policy setting being enabled, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only.
@@ -1404,11 +1448,13 @@ The following list shows the supported values:
**System/LimitEnhancedDiagnosticDataWindowsAnalytics**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1438,9 +1484,8 @@ To enable this behavior, you must complete two steps:
> [!NOTE]
> **Enhanced** is no longer an option for Windows Holographic, version 21H1.
- - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full)
+ - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full).
-
When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented here: Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics.
Enabling enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft.
@@ -1465,11 +1510,13 @@ ADMX Info:
**System/TelemetryProxy**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1508,11 +1555,13 @@ ADMX Info:
**System/TurnOffFileHistory**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1560,3 +1609,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index c979583ff0..7ecb2141a8 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - SystemServices
-
-
@@ -49,11 +47,13 @@ manager: dansimp
**SystemServices/ConfigureHomeGroupListenerServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,7 +71,9 @@ manager: dansimp
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -88,11 +90,13 @@ GP Info:
**SystemServices/ConfigureHomeGroupProviderServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -110,7 +114,9 @@ GP Info:
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -127,11 +133,13 @@ GP Info:
**SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -149,7 +157,9 @@ GP Info:
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -166,11 +176,13 @@ GP Info:
**SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -188,7 +200,9 @@ GP Info:
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -205,11 +219,13 @@ GP Info:
**SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -227,7 +243,9 @@ GP Info:
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -244,11 +262,13 @@ GP Info:
**SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -266,7 +286,9 @@ GP Info:
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -281,3 +303,6 @@ GP Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
index 1cae440c6c..123b672f38 100644
--- a/windows/client-management/mdm/policy-csp-taskmanager.md
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - TaskManager
-
@@ -26,18 +25,19 @@ manager: dansimp
-
**TaskManager/AllowEndTask**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -57,9 +57,11 @@ manager: dansimp
This setting determines whether non-administrators can use Task Manager to end tasks.
-Value type is integer. Supported values:
+Supported value type is integer.
+
+Supported values:
- 0 - Disabled. EndTask functionality is blocked in TaskManager.
-- 1 - Enabled (default). Users can perform EndTask in TaskManager.
+- 1 - Enabled (default). Users can perform EndTask in TaskManager.
@@ -70,13 +72,15 @@ Value type is integer. Supported values:
**Validation procedure:**
-When this policy is set to 1 - users CAN execute 'End task' on processes in TaskManager
-When the policy is set to 0 - users CANNOT execute 'End task' on processes in TaskManager
+- When this policy is set to 1 - users CAN execute 'End task' on processes in TaskManager.
+- When the policy is set to 0 - users CANNOT execute 'End task' on processes in TaskManager.
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 983bd29762..841d5e8f3e 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - TaskScheduler
-
-
@@ -34,11 +32,13 @@ manager: dansimp
**TaskScheduler/EnableXboxGameSaveTask**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,3 +64,6 @@ This setting determines whether the specific task is enabled (1) or disabled (0)
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index f65160e893..0d6692ed2c 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - TextInput
-
-
@@ -137,11 +135,13 @@ Placeholder only. Do not use in production environment.
**TextInput/AllowIMELogging**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -162,8 +162,7 @@ Placeholder only. Do not use in production environment.
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
-Allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input.
+Allows the user to turn on and off the logging for incorrect conversion, and saving auto-tuning result to a file and history-based predictive input.
Most restricted value is 0.
@@ -171,8 +170,8 @@ Most restricted value is 0.
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed.
+- 1 (default) – Allowed.
@@ -183,11 +182,13 @@ The following list shows the supported values:
**TextInput/AllowIMENetworkAccess**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -227,11 +228,13 @@ The following list shows the supported values:
**TextInput/AllowInputPanel**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -252,7 +255,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the IT admin to disable the touch/handwriting keyboard on Windows.
Most restricted value is 0.
@@ -273,11 +275,13 @@ The following list shows the supported values:
**TextInput/AllowJapaneseIMESurrogatePairCharacters**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -298,10 +302,8 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the Japanese IME surrogate pair characters.
-
Most restricted value is 0.
@@ -320,11 +322,13 @@ The following list shows the supported values:
**TextInput/AllowJapaneseIVSCharacters**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -345,7 +349,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows Japanese Ideographic Variation Sequence (IVS) characters.
Most restricted value is 0.
@@ -366,11 +369,13 @@ The following list shows the supported values:
**TextInput/AllowJapaneseNonPublishingStandardGlyph**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -391,7 +396,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the Japanese non-publishing standard glyph.
Most restricted value is 0.
@@ -412,11 +416,13 @@ The following list shows the supported values:
**TextInput/AllowJapaneseUserDictionary**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -437,7 +443,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the Japanese user dictionary.
Most restricted value is 0.
@@ -458,11 +463,13 @@ The following list shows the supported values:
**TextInput/AllowKeyboardTextSuggestions**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -524,11 +531,13 @@ This policy has been deprecated.
**TextInput/AllowLanguageFeaturesUninstall**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -549,8 +558,7 @@ This policy has been deprecated.
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
-Allows the uninstall of language features, such as spell checkers, on a device.
+Allows the uninstall of language features, such as spell checkers on a device.
Most restricted value is 0.
@@ -578,11 +586,13 @@ The following list shows the supported values:
**TextInput/AllowLinguisticDataCollection**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -623,11 +633,13 @@ This setting supports a range of values between 0 and 1.
**TextInput/AllowTextInputSuggestionUpdate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -668,11 +680,13 @@ The following list shows the supported values:
**TextInput/ConfigureJapaneseIMEVersion**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -713,11 +727,13 @@ The following list shows the supported values:
**TextInput/ConfigureSimplifiedChineseIMEVersion**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -758,11 +774,13 @@ The following list shows the supported values:
**TextInput/ConfigureTraditionalChineseIMEVersion**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -783,6 +801,7 @@ The following list shows the supported values:
> [!NOTE]
> - This policy is enforced only in Windows 10 for desktop.
> - This policy requires reboot to take effect.
+
Allows IT admins to configure Microsoft Traditional Chinese IME version in the desktop.
@@ -802,11 +821,13 @@ The following list shows the supported values:
**TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -848,11 +869,13 @@ The following list shows the supported values:
**TextInput/ExcludeJapaneseIMEExceptJIS0208**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -873,7 +896,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the users to restrict character code range of conversion by setting the character filter.
@@ -892,11 +914,13 @@ The following list shows the supported values:
**TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -917,7 +941,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the users to restrict character code range of conversion by setting the character filter.
@@ -936,11 +959,13 @@ The following list shows the supported values:
**TextInput/ExcludeJapaneseIMEExceptShiftJIS**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -961,7 +986,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the users to restrict character code range of conversion by setting the character filter.
@@ -980,11 +1004,13 @@ The following list shows the supported values:
**TextInput/ForceTouchKeyboardDockedState**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1021,11 +1047,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardDictationButtonAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1062,11 +1090,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardEmojiButtonAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1103,11 +1133,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardFullModeAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1131,7 +1163,7 @@ Specifies whether the full keyboard mode is enabled or disabled for the touch ke
The following list shows the supported values:
-- 0 (default) - The OS determines when it's most appropriate to be available.
+- 0 (default) - The OS determines, when it's most appropriate to be available.
- 1 - Full keyboard is always available.
- 2 - Full keyboard is always disabled.
@@ -1144,11 +1176,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardHandwritingModeAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1172,7 +1206,7 @@ Specifies whether the handwriting input panel is enabled or disabled. When this
The following list shows the supported values:
-- 0 (default) - The OS determines when it's most appropriate to be available.
+- 0 (default) - The OS determines, when it's most appropriate to be available.
- 1 - Handwriting input panel is always available.
- 2 - Handwriting input panel is always disabled.
@@ -1185,11 +1219,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardNarrowModeAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1213,7 +1249,7 @@ Specifies whether the narrow keyboard mode is enabled or disabled for the touch
The following list shows the supported values:
-- 0 (default) - The OS determines when it's most appropriate to be available.
+- 0 (default) - The OS determines, when it's most appropriate to be available.
- 1 - Narrow keyboard is always available.
- 2 - Narrow keyboard is always disabled.
@@ -1226,11 +1262,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardSplitModeAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1254,7 +1292,7 @@ Specifies whether the split keyboard mode is enabled or disabled for the touch k
The following list shows the supported values:
-- 0 (default) - The OS determines when it's most appropriate to be available.
+- 0 (default) - The OS determines, when it's most appropriate to be available.
- 1 - Split keyboard is always available.
- 2 - Split keyboard is always disabled.
@@ -1267,11 +1305,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardWideModeAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1295,7 +1335,7 @@ Specifies whether the wide keyboard mode is enabled or disabled for the touch ke
The following list shows the supported values:
-- 0 (default) - The OS determines when it's most appropriate to be available.
+- 0 (default) - The OS determines, when it's most appropriate to be available.
- 1 - Wide keyboard is always available.
- 2 - Wide keyboard is always disabled.
@@ -1305,3 +1345,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 09a8420d64..a580e736f3 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - TimeLanguageSettings
-
-
@@ -43,11 +41,13 @@ manager: dansimp
**TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -97,11 +97,13 @@ ADMX Info:
**TimeLanguageSettings/ConfigureTimeZone**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -141,11 +143,13 @@ Specifies the time zone to be applied to the device. This policy name is the sta
**TimeLanguageSettings/MachineUILanguageOverwrite**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -195,11 +199,13 @@ ADMX Info:
**TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -237,3 +243,6 @@ If you disable or don't configure this policy setting, there's no language featu
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md
index b19352d765..d588058db0 100644
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@@ -12,8 +12,6 @@ ms.date: 09/27/2019
# Policy CSP - Troubleshooting
-
-
@@ -32,11 +30,13 @@ ms.date: 09/27/2019
**Troubleshooting/AllowRecommendations**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -54,7 +54,7 @@ ms.date: 09/27/2019
-This policy setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains or IT environments.
+This policy setting allows IT admins to configure, how to apply recommended troubleshooting for known problems on the devices in their domains or IT environments.
@@ -98,3 +98,6 @@ By default, this policy isn't configured and the SKU based defaults are used for
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index fbc41ad17a..4c9d94d790 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -241,11 +241,13 @@ ms.collection: highpri
**Update/ActiveHoursEnd**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -263,10 +265,10 @@ ms.collection: highpri
-Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. there's a 12-hour maximum from start time.
+Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. There's a 12-hour maximum from start time.
> [!NOTE]
-> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information.
+> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information.
Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
@@ -290,11 +292,13 @@ ADMX Info:
**Update/ActiveHoursMaxRange**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -336,11 +340,13 @@ ADMX Info:
**Update/ActiveHoursStart**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -361,7 +367,7 @@ ADMX Info:
Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots aren't scheduled. This value sets the start time. There's a 12-hour maximum from end time.
> [!NOTE]
-> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information.
+> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information.
Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
@@ -385,11 +391,13 @@ ADMX Info:
**Update/AllowAutoUpdate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -411,7 +419,7 @@ Enables the IT admin to manage automatic update behavior to scan, download, and
Supported operations are Get and Replace.
-If the policy isn't configured, end-users get the default behavior (Auto install and restart).
+If the policy isn't configured, end-users get the default behavior (Auto download and install).
@@ -426,18 +434,17 @@ ADMX Info:
The following list shows the supported values:
-- 0 - Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end users to manage data usage. With these option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
-- 1 - Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end user is prompted to schedule the restart time. The end user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end user to control the start time reduces the risk of accidental data loss caused by applications that don't shut down properly on restart. For more information, see [Automatic maintenance](/windows/win32/taskschd/task-maintenence).
-- 2 (default) - Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. Automatic restarting when a device isn't being used is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that doesn't shut down properly on restart. For more information, see [Automatic maintenance](/windows/win32/taskschd/task-maintenence).
-- 3 - Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
-- 4 - Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This setting option also sets the end-user control panel to read-only.
-- 5 - Turn off automatic updates.
-
+- 0: Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end users to manage data usage. With this option, users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
+- 1: Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end user is prompted to schedule the restart. The end user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end user to control the start time reduces the risk of accidental data loss caused by applications that don't shut down properly on restart. For more information, see [Automatic maintenance](/windows/win32/taskschd/task-maintenence).
+- 2: Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update installs updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This behavior is the default for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that doesn't shut down properly on restart. For more information, see [Automatic maintenance](/windows/win32/taskschd/task-maintenence).
+- 3: Auto install and restart at a specified time. You specify the installation day and time. If no day and time is specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is signed in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
+- 4: Auto install and restart at a specified time. You specify the installation day and time. If no day and time is specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is signed in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. This option is the same as `3`, but restricts end user controls on the settings page.
+- 5: Turn off automatic updates.
+- 6 (default): Updates automatically download and install at an optimal time determined by the device. Restart occurs outside of active hours until the deadline is reached, if configured.
> [!IMPORTANT]
> This option should be used only for systems under regulatory compliance, as you won't get security updates as well.
-
@@ -447,11 +454,13 @@ The following list shows the supported values:
**Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -469,7 +478,7 @@ The following list shows the supported values:
-Option to download updates automatically over metered connections (off by default). Value type is integer.
+Option to download updates automatically over metered connections (off by default). The supported value type is integer.
A significant number of devices primarily use cellular data and don't have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates.
@@ -499,11 +508,13 @@ The following list shows the supported values:
**Update/AllowMUUpdateService**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -556,11 +567,13 @@ $MUSM.RemoveService("7971f918-a847-4430-9279-4a52d1efe18d")
**Update/AllowNonMicrosoftSignedUpdate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -582,7 +595,7 @@ Allows the IT admin to manage whether Automatic Updates accepts updates signed b
Supported operations are Get and Replace.
-This policy is specific to desktop and local publishing via WSUS for third-party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
+This policy is specific to desktop and local publishing via WSUS for third-party updates (binaries and updates not hosted on Microsoft Update). This policy allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft, when the update is found on an intranet Microsoft update service location.
@@ -600,11 +613,13 @@ The following list shows the supported values:
**Update/AllowUpdateService**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -624,7 +639,7 @@ The following list shows the supported values:
Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store.
-Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store
+Even when Windows Update is configured to receive updates from an intranet update service. It will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store.
Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working.
@@ -655,11 +670,13 @@ The following list shows the supported values:
**Update/AutoRestartDeadlinePeriodInDays**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -679,9 +696,9 @@ The following list shows the supported values:
For Quality Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
-The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
+The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system, and user busy checks.
-Value type is integer. Default is seven days.
+Supported value type is integer. Default is seven days.
Supported values range: 2-30.
@@ -692,7 +709,8 @@ If you enable this policy, a restart will automatically occur the specified numb
If you disable or don't configure this policy, the PC will restart according to the default schedule.
If any of the following two policies are enabled, this policy has no effect:
-1. No autorestart with signed-in users for scheduled automatic updates installations.
+
+1. No autorestart with signed-in users for the scheduled automatic updates installations.
2. Always automatically restart at scheduled time.
@@ -713,11 +731,13 @@ ADMX Info:
**Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -737,9 +757,9 @@ ADMX Info:
For Feature Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
-The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
+The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system, and user busy checks.
-Value type is integer. Default is 7 days.
+Supported value type is integer. Default is 7 days.
Supported values range: 2-30.
@@ -750,7 +770,8 @@ If you enable this policy, a restart will automatically occur the specified numb
If you disable or don't configure this policy, the PC will restart according to the default schedule.
If any of the following two policies are enabled, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations.
+
+1. No autorestart with logged on users for the scheduled automatic updates installations.
2. Always automatically restart at scheduled time.
@@ -771,11 +792,13 @@ ADMX Info:
**Update/AutoRestartNotificationSchedule**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -819,11 +842,13 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
**Update/AutoRestartRequiredNotificationDismissal**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -868,11 +893,13 @@ The following list shows the supported values:
**Update/AutomaticMaintenanceWakeUp**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -898,6 +925,7 @@ This policy setting allows you to configure if Automatic Maintenance should make
If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if necessary.
If you disable or don't configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies.
+
ADMX Info:
@@ -926,11 +954,13 @@ Supported values:
**Update/BranchReadinessLevel**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -966,7 +996,7 @@ The following list shows the supported values:
- 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709)
- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709)
- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709)
-- 16 {0x10} - (default) General Availability Channel (Targeted). Device gets all applicable feature updates from General Availability Channel (Targeted).
+- 16 {0x10} - (default) General Availability Channel (Targeted). Device gets all applicable feature updates from General Availability Channel (Targeted)
- 32 {0x20} - General Availability Channel. Device gets feature updates from General Availability Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the General Availability Channel and General Availability Channel (Targeted) into a single General Availability Channel with a value of 16)
@@ -978,11 +1008,13 @@ The following list shows the supported values:
**Update/ConfigureDeadlineForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1030,11 +1062,13 @@ Default value is 7.
**Update/ConfigureDeadlineForQualityUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1082,11 +1116,13 @@ Default value is 7.
**Update/ConfigureDeadlineGracePeriod**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1104,7 +1140,7 @@ Default value is 7.
-When used with [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates),allows the admin to specify a minimum number of days until restarts occur automatically for quality updates. Setting the grace period might extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) is configured but this policy isn't, then the default value of 2 will be used.
+When used with [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) allows the admin to specify a minimum number of days until restarts occur automatically for quality updates. Setting the grace period might extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) is configured but this policy isn't, then the default value of 2 will be used.
@@ -1117,7 +1153,7 @@ ADMX Info:
-Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required quality update.
+Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically, after installing a required quality update.
Default value is 2.
@@ -1135,11 +1171,13 @@ Default value is 2.
**Update/ConfigureDeadlineGracePeriodForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1158,7 +1196,7 @@ Default value is 2.
-When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates), allows the admin to specify a minimum number of days until restarts occur automatically for feature updates. Setting the grace period may extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) is configured but this policy isn't, then the value from [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) will be used; if that policy is also not configured, then the default value of 2 will be used.
+When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) allows the admin to specify a minimum number of days until restarts occur automatically for feature updates. Setting the grace period may extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) is configured but this policy isn't, then the value from [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) will be used; if that policy is also not configured, then the default value of 2 will be used.
@@ -1171,7 +1209,7 @@ ADMX Info:
-Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required feature update.
+Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically, after installing a required feature update.
Default value is 2.
@@ -1189,11 +1227,13 @@ Default value is 2.
**Update/ConfigureDeadlineNoAutoReboot**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1245,11 +1285,13 @@ Supported values:
**Update/ConfigureFeatureUpdateUninstallPeriod**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1267,7 +1309,11 @@ Supported values:
-Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
+Enable IT admin to configure feature update uninstall period.
+
+Values range 2 - 60 days.
+
+Default is 10 days.
@@ -1278,11 +1324,13 @@ Enable IT admin to configure feature update uninstall period. Values range 2 - 6
**Update/DeferFeatureUpdatesPeriodInDays**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1326,11 +1374,13 @@ ADMX Info:
**Update/DeferQualityUpdatesPeriodInDays**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1370,11 +1420,13 @@ ADMX Info:
**Update/DeferUpdatePeriod**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1395,7 +1447,6 @@ ADMX Info:
> [!NOTE]
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices.
-
Allows IT Admins to specify update delays for up to four weeks.
Supported values are 0-4, which refers to the number of weeks to defer updates.
@@ -1448,11 +1499,13 @@ ADMX Info:
**Update/DeferUpgradePeriod**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1473,7 +1526,6 @@ ADMX Info:
> [!NOTE]
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices.
-
Allows IT Admins to specify other upgrade delays for up to eight months.
Supported values are 0-8, which refers to the number of months to defer upgrades.
@@ -1498,11 +1550,13 @@ ADMX Info:
**Update/DetectionFrequency**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1540,11 +1594,13 @@ ADMX Info:
**Update/DisableDualScan**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1562,13 +1618,14 @@ ADMX Info:
-Don't allow update deferral policies to cause scans against Windows Update. If this policy isn't enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
+Don't allow update deferral policies to cause scans against Windows Update. If this policy isn't enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
For more information about dual scan, see [Demystifying "Dual Scan"](/archive/blogs/wsus/demystifying-dual-scan) and [Improving Dual Scan on 1607](/archive/blogs/wsus/improving-dual-scan-on-1607).
This setting is the same as the Group Policy in **Windows Components** > **Windows Update**: "Do not allow update deferral policies to cause scans against Windows Update."
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -1594,11 +1651,13 @@ The following list shows the supported values:
**Update/DisableWUfBSafeguards**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1629,7 +1688,7 @@ IT admins can, if necessary, opt devices out of safeguard protections using this
>
> The disable safeguards policy will revert to "Not Configured" on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft's default protection from known issues for each new feature update.
>
-> Disabling safeguards doesn't guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you're bypassing the protection given by Microsoft pertaining to known issues.
+> Disabling safeguards doesn't guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade, as you're bypassing the protection given by Microsoft pertaining to known issues.
@@ -1655,11 +1714,13 @@ The following list shows the supported values:
**Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1693,8 +1754,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) - Enforce certificate pinning
-- 1 - Don't enforce certificate pinning
+- 0 (default) - Enforce certificate pinning.
+- 1 - Don't enforce certificate pinning.
@@ -1705,11 +1766,13 @@ The following list shows the supported values:
**Update/EngagedRestartDeadline**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1729,23 +1792,25 @@ The following list shows the supported values:
For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Autorestart to Engaged restart (pending user schedule) to be executed automatically, within the specified period.
-The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
+The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system, and user busy checks.
> [!NOTE]
> If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule aren't set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period.
-Value type is integer. Default is 14.
+Supporting value type is integer.
+
+Default is 14.
Supported value range: 2 - 30.
-If no deadline is specified or deadline is set to 0, the restart won't be automatically executed and will remain Engaged restart (for example, pending user scheduling).
+If no deadline is specified or deadline is set to 0, the restart won't be automatically executed, and will remain Engaged restart (for example, pending user scheduling).
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -1765,11 +1830,13 @@ ADMX Info:
**Update/EngagedRestartDeadlineForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1789,7 +1856,9 @@ ADMX Info:
For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be executed automatically, within the specified period.
-Value type is integer. Default is 14.
+Supported value type is integer.
+
+Default is 14.
Supported value range: 2-30.
@@ -1798,9 +1867,9 @@ If no deadline is specified or deadline is set to 0, the restart won't be automa
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -1820,11 +1889,13 @@ ADMX Info:
**Update/EngagedRestartSnoozeSchedule**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1844,16 +1915,18 @@ ADMX Info:
For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1-3 days.
-Value type is integer. Default is three days.
+Supported value type is integer.
+
+Default is three days.
Supported value range: 1-3.
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -1873,11 +1946,13 @@ ADMX Info:
**Update/EngagedRestartSnoozeScheduleForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1897,16 +1972,18 @@ ADMX Info:
For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1-3 days.
-Value type is integer. Default is three days.
+Supported value type is integer.
+
+Default is three days.
Supported value range: 1-3.
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -1926,11 +2003,13 @@ ADMX Info:
**Update/EngagedRestartTransitionSchedule**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1950,16 +2029,18 @@ ADMX Info:
For Quality Updates, this policy specifies the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
-Value type is integer. Default value is 7 days.
+Supported value type is integer.
+
+Default value is 7 days.
Supported value range: 2 - 30.
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -1979,11 +2060,13 @@ ADMX Info:
**Update/EngagedRestartTransitionScheduleForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2003,16 +2086,18 @@ ADMX Info:
For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
-Value type is integer. Default value is seven days.
+Supported value type is integer.
+
+Default value is seven days.
Supported value range: 2-30.
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -2032,11 +2117,13 @@ ADMX Info:
**Update/ExcludeWUDriversInQualityUpdate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2081,11 +2168,13 @@ The following list shows the supported values:
**Update/FillEmptyContentUrls**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2103,10 +2192,10 @@ The following list shows the supported values:
-Allows Windows Update Agent to determine the download URL when it's missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
+Allows Windows Update Agent to determine the download URL when it's missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
> [!NOTE]
-> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service doesn't provide download URLs in the update metadata for files which are available on the alternate download server.
+> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service doesn't provide download URLs in the update metadata for files which are available on the alternate download server.
@@ -2133,11 +2222,13 @@ The following list shows the supported values:
**Update/IgnoreMOAppDownloadLimit**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2186,11 +2277,13 @@ To validate this policy:
**Update/IgnoreMOUpdateDownloadLimit**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2239,11 +2332,13 @@ To validate this policy:
**Update/ManagePreviewBuilds**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2261,7 +2356,9 @@ To validate this policy:
-Used to manage Windows 10 Insider Preview builds. Value type is integer.
+Used to manage Windows 10 Insider Preview builds.
+
+Supported value type is integer.
@@ -2276,9 +2373,9 @@ ADMX Info:
The following list shows the supported values:
-- 0 - Disable Preview builds
-- 1 - Disable Preview builds once the next release is public
-- 2 - Enable Preview builds
+- 0 - Disable Preview builds.
+- 1 - Disable Preview builds once the next release is public.
+- 2 - Enable Preview builds.
@@ -2289,11 +2386,13 @@ The following list shows the supported values:
**Update/PauseDeferrals**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2314,10 +2413,8 @@ The following list shows the supported values:
> [!NOTE]
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices.
-
Allows IT Admins to pause updates and upgrades for up to five weeks. Paused deferrals will be reset after five weeks.
-
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
@@ -2345,11 +2442,13 @@ The following list shows the supported values:
**Update/PauseFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2368,7 +2467,7 @@ The following list shows the supported values:
-Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you're running Windows 10, version 1703 or later.
+Allows IT Admins to pause feature updates for up to 35 days. We recommend that you use the *Update/PauseFeatureUpdatesStartTime* policy, if you're running Windows 10, version 1703 or later.
@@ -2395,11 +2494,13 @@ The following list shows the supported values:
**Update/PauseFeatureUpdatesStartTime**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2419,7 +2520,8 @@ The following list shows the supported values:
Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date.
-Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace.
+- Supported value type is string (yyyy-mm-dd, ex. 2018-10-28).
+- Supported operations are Add, Get, Delete, and Replace.
@@ -2439,11 +2541,13 @@ ADMX Info:
**Update/PauseQualityUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2488,11 +2592,13 @@ The following list shows the supported values:
**Update/PauseQualityUpdatesStartTime**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2512,7 +2618,8 @@ The following list shows the supported values:
Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date.
-Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace.
+- Supported value type is string (yyyy-mm-dd, ex. 2018-10-28).
+- Supported operations are Add, Get, Delete, and Replace.
@@ -2543,11 +2650,13 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
**Update/ProductVersion**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2580,7 +2689,7 @@ ADMX Info:
-Value type is a string containing a Windows product, for example, "Windows 11" or "11" or "Windows 10".
+Supported value type is a string containing a Windows product. For example, "Windows 11" or "11" or "Windows 10".
@@ -2593,7 +2702,7 @@ By using this Windows Update for Business policy to upgrade devices to a new pro
1. The applicable Windows license was purchased through volume licensing, or
-2. That you're authorized to bind your organization and are accepting on its behalf the relevant Microsoft Software License Terms to be found here: (https://www.microsoft.com/Useterms).
+2. You're authorized to bind your organization and are accepting on its behalf the relevant Microsoft Software License Terms to be found here: (https://www.microsoft.com/Useterms).
@@ -2601,11 +2710,13 @@ By using this Windows Update for Business policy to upgrade devices to a new pro
**Update/RequireDeferUpgrade**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2626,7 +2737,6 @@ By using this Windows Update for Business policy to upgrade devices to a new pro
> [!NOTE]
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
-
Allows the IT admin to set a device to General Availability Channel train.
@@ -2652,11 +2762,13 @@ The following list shows the supported values:
**Update/RequireUpdateApproval**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2677,7 +2789,6 @@ The following list shows the supported values:
> [!NOTE]
> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
-
Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end user. EULAs are approved once an update is approved.
Supported operations are Get and Replace.
@@ -2698,11 +2809,13 @@ The following list shows the supported values:
**Update/ScheduleImminentRestartWarning**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2746,11 +2859,13 @@ Supported values are 15, 30, or 60 (minutes).
**Update/ScheduleRestartWarning**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2769,8 +2884,7 @@ Supported values are 15, 30, or 60 (minutes).
> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
-
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
Allows the IT Admin to specify the period for autorestart warning reminder notifications.
@@ -2798,11 +2912,13 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
**Update/ScheduledInstallDay**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2822,7 +2938,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
Enables the IT admin to schedule the day of the update installation.
-The data type is an integer.
+Supported data type is an integer.
Supported operations are Add, Delete, Get, and Replace.
@@ -2857,11 +2973,13 @@ The following list shows the supported values:
**Update/ScheduledInstallEveryWeek**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2879,11 +2997,14 @@ The following list shows the supported values:
-Enables the IT admin to schedule the update installation on every week. Value type is integer. Supported values:
-
-
0 - no update in the schedule
-
1 - update is scheduled every week
-
+Enables the IT admin to schedule the update installation on every week.
+
+Supported Value type is integer.
+
+Supported values:
+- 0 - no update in the schedule.
+- 1 - update is scheduled every week.
+
@@ -2903,11 +3024,13 @@ ADMX Info:
**Update/ScheduledInstallFirstWeek**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2925,11 +3048,14 @@ ADMX Info:
-Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
-
-
0 - no update in the schedule
-
1 - update is scheduled every first week of the month
-
+Enables the IT admin to schedule the update installation on the first week of the month.
+
+Supported value type is integer.
+
+Supported values:
+- 0 - no update in the schedule.
+- 1 - update is scheduled every first week of the month.
+
@@ -2949,11 +3075,13 @@ ADMX Info:
**Update/ScheduledInstallFourthWeek**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2971,11 +3099,14 @@ ADMX Info:
-Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
-
-
0 - no update in the schedule
-
1 - update is scheduled every fourth week of the month
-
+Enables the IT admin to schedule the update installation on the fourth week of the month.
+
+Supported value type is integer.
+
+Supported values:
+- 0 - no update in the schedule.
+- 1 - update is scheduled every fourth week of the month.
+
@@ -2995,11 +3126,13 @@ ADMX Info:
**Update/ScheduledInstallSecondWeek**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3017,11 +3150,15 @@ ADMX Info:
-Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
-
-
0 - no update in the schedule
-
1 - update is scheduled every second week of the month
-
+Enables the IT admin to schedule the update installation on the second week of the month.
+
+Supported vlue type is integer.
+
+Supported values:
+
+- 0 - no update in the schedule.
+- 1 - update is scheduled every second week of the month.
+
@@ -3041,11 +3178,13 @@ ADMX Info:
**Update/ScheduledInstallThirdWeek**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3063,11 +3202,14 @@ ADMX Info:
-Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
-
-
0 - no update in the schedule
-
1 - update is scheduled every third week of the month
-
+Enables the IT admin to schedule the update installation on the third week of the month.
+
+Supported value type is integer.
+
+Supported values:
+- 0 - no update in the schedule.
+- 1 - update is scheduled every third week of the month.
+
@@ -3087,11 +3229,13 @@ ADMX Info:
**Update/ScheduledInstallTime**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3110,12 +3254,11 @@ ADMX Info:
> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
-
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
Enables the IT admin to schedule the time of the update installation.
-The data type is an integer.
+The supported data type is an integer.
Supported operations are Add, Delete, Get, and Replace.
@@ -3141,11 +3284,13 @@ ADMX Info:
**Update/SetAutoRestartNotificationDisable**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3190,11 +3335,13 @@ The following list shows the supported values:
**Update/SetDisablePauseUXAccess**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3214,7 +3361,11 @@ The following list shows the supported values:
This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user can't access the "Pause updates" feature.
-Value type is integer. Default is 0. Supported values 0, 1.
+Supported value type is integer.
+
+Default is 0.
+
+Supported values 0, 1.
@@ -3231,11 +3382,13 @@ ADMX Info:
**Update/SetDisableUXWUAccess**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3255,7 +3408,11 @@ ADMX Info:
This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user can't access the Windows Update scan, download, and install features.
-Value type is integer. Default is 0. Supported values 0, 1.
+Supported value type is integer.
+
+Default is 0.
+
+Supported values 0, 1.
@@ -3272,11 +3429,13 @@ ADMX Info:
**Update/SetEDURestart**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3296,7 +3455,7 @@ ADMX Info:
For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime.
-When you set this policy along with Update/ActiveHoursStart, Update/ActiveHoursEnd, and ShareCartPC, it will defer all the update processes (scan, download, install, and reboot) to a time after Active Hours. After a buffer period after ActiveHoursEnd, the device will wake up several times to complete the processes. All processes are blocked before ActiveHoursStart.
+When you set this policy along with Update/ActiveHoursStart, Update/ActiveHoursEnd, and ShareCartPC, it will defer all the update processes (scan, download, install, and reboot) to a time after Active Hours. After a buffer period, after ActiveHoursEnd, the device will wake up several times to complete the processes. All processes are blocked before ActiveHoursStart.
@@ -3322,11 +3481,13 @@ The following list shows the supported values:
**Update/SetPolicyDrivenUpdateSourceForDriver**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3352,7 +3513,7 @@ If you configure this policy, also configure the scan source policies for other
- SetPolicyDrivenUpdateSourceForOther
>[!NOTE]
->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
+>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect.
@@ -3366,8 +3527,8 @@ ADMX Info:
The following list shows the supported values:
-- 0: (Default) Detect, download, and deploy Driver from Windows Update
-- 1: Enabled, Detect, download, and deploy Driver from Windows Server Update Server (WSUS)
+- 0: (Default) Detect, download, and deploy Driver from Windows Update.
+- 1: Enabled, Detect, download, and deploy Driver from Windows Server Update Server (WSUS).
@@ -3378,11 +3539,13 @@ The following list shows the supported values:
**Update/SetPolicyDrivenUpdateSourceForFeature**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3408,7 +3571,7 @@ If you configure this policy, also configure the scan source policies for other
- SetPolicyDrivenUpdateSourceForOther
>[!NOTE]
->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
+>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect.
@@ -3422,8 +3585,8 @@ ADMX Info:
The following list shows the supported values:
-- 0: (Default) Detect, download, and deploy Feature from Windows Update
-- 1: Enabled, Detect, download, and deploy Feature from Windows Server Update Server (WSUS)
+- 0: (Default) Detect, download, and deploy Feature from Windows Update.
+- 1: Enabled, Detect, download, and deploy Feature from Windows Server Update Server (WSUS).
@@ -3434,11 +3597,13 @@ The following list shows the supported values:
**Update/SetPolicyDrivenUpdateSourceForOther**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3464,7 +3629,7 @@ If you configure this policy, also configure the scan source policies for other
- SetPolicyDrivenUpdateSourceForDriver
>[!NOTE]
->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
+>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect.
@@ -3478,8 +3643,8 @@ ADMX Info:
The following list shows the supported values:
-- 0: (Default) Detect, download, and deploy Other from Windows Update
-- 1: Enabled, Detect, download, and deploy Other from Windows Server Update Server (WSUS)
+- 0: (Default) Detect, download, and deploy Other from Windows Update.
+- 1: Enabled, Detect, download, and deploy Other from Windows Server Update Server (WSUS).
@@ -3490,11 +3655,13 @@ The following list shows the supported values:
**Update/SetPolicyDrivenUpdateSourceForQuality**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3520,7 +3687,7 @@ If you configure this policy, also configure the scan source policies for other
- SetPolicyDrivenUpdateSourceForOther
>[!NOTE]
->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
+>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect.
@@ -3534,8 +3701,8 @@ ADMX Info:
The following list shows the supported values:
-- 0: (Default) Detect, download, and deploy Quality from Windows Update
-- 1: Enabled, Detect, download, and deploy Quality from Windows Server Update Server (WSUS)
+- 0: (Default) Detect, download, and deploy Quality from Windows Update.
+- 1: Enabled, Detect, download, and deploy Quality from Windows Server Update Server (WSUS).
@@ -3546,11 +3713,13 @@ The following list shows the supported values:
**Update/SetProxyBehaviorForUpdateDetection**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3587,6 +3756,7 @@ The following list shows the supported values:
- 0 (default) - Allow system proxy only for HTTP scans.
- 1 - Allow user proxy to be used as a fallback if detection using system proxy fails.
+
> [!NOTE]
> Configuring this policy setting to 1 exposes your environment to potential security risk and makes scans unsecure.
@@ -3599,11 +3769,13 @@ The following list shows the supported values:
**Update/TargetReleaseVersion**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3622,6 +3794,7 @@ The following list shows the supported values:
Available in Windows 10, version 1803 and later. Enables IT administrators to specify which version they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see [Windows 10 release information](/windows/release-health/release-information/).
+
ADMX Info:
@@ -3633,7 +3806,7 @@ ADMX Info:
-Value type is a string containing Windows 10 version number. For example, 1809, 1903.
+Supported value type is a string containing Windows 10 version number. For example, 1809, 1903.
@@ -3649,11 +3822,13 @@ Value type is a string containing Windows 10 version number. For example, 1809,
**Update/UpdateNotificationLevel**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3675,9 +3850,9 @@ Display options for update notifications. This policy allows you to define what
Options:
-- 0 (default) - Use the default Windows Update notifications
-- 1 - Turn off all notifications, excluding restart warnings
-- 2 - Turn off all notifications, including restart warnings
+- 0 (default) - Use the default Windows Update notifications.
+- 1 - Turn off all notifications, excluding restart warnings.
+- 2 - Turn off all notifications, including restart warnings.
> [!IMPORTANT]
> If you choose not to get update notifications and also define other Group policies so that devices aren't automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk.
@@ -3708,11 +3883,13 @@ ADMX Info:
**Update/UpdateServiceUrl**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3782,11 +3959,13 @@ Example
**Update/UpdateServiceUrlAlternate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3808,9 +3987,9 @@ Specifies an alternate intranet server to host updates from Microsoft Update. Yo
This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
-To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
+To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
-Value type is string and the default value is an empty string, "". If the setting isn't configured, and if Automatic Updates isn't disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
+Supported value type is string and the default value is an empty string, "". If the setting isn't configured, and if Automatic Updates isn't disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
> [!NOTE]
> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.
@@ -3831,3 +4010,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 3d13322718..9d126f072e 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - UserRights
-
User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as SIDs or strings. For reference, see [Well-Known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab).
@@ -77,7 +76,7 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s
> [!NOTE]
> `` is the entity encoding of 0xF000.
-For example, the following syntax grants user rights to Authenticated Users and Replicator user groups:
+For example, the following syntax grants user rights to Authenticated Users and Replicator user groups.:
```xml
@@ -197,11 +196,13 @@ For example, the following syntax grants user rights to a specific user or group
**UserRights/AccessCredentialManagerAsTrustedCaller**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -236,11 +237,13 @@ GP Info:
**UserRights/AccessFromNetwork**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -259,6 +262,7 @@ GP Info:
This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services isn't affected by this user right.
+
> [!NOTE]
> Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
@@ -277,11 +281,13 @@ GP Info:
**UserRights/ActAsPartOfTheOperatingSystem**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -300,6 +306,7 @@ GP Info:
This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Assign this user right to trusted users only.
@@ -318,11 +325,13 @@ GP Info:
**UserRights/AllowLocalLogOn**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -341,6 +350,7 @@ GP Info:
This user right determines which users can sign in to the computer.
+
> [!NOTE]
> Modifying this setting might affect compatibility with clients, services, and applications. For compatibility information about this setting, see [Allow log on locally](https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website.
@@ -359,11 +369,13 @@ GP Info:
**UserRights/BackupFilesAndDirectories**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -382,6 +394,7 @@ GP Info:
This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system: Traverse Folder/Execute File, Read.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, assign this user right to trusted users only.
@@ -400,11 +413,13 @@ GP Info:
**UserRights/ChangeSystemTime**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -423,8 +438,9 @@ GP Info:
This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.
+
> [!CAUTION]
-> Configuring user rights replaces existing users or groups previously assigned those user rights. The system requires that Local Service account (SID S-1-5-19) always has the ChangeSystemTime right. Therefore, Local Service must always be specified in addition to any other accounts being configured in this policy.
+> Configuring user rights replaces existing users or groups previously assigned to those user rights. The system requires that Local Service account (SID S-1-5-19) always has the ChangeSystemTime right. Therefore, Local Service must always be specified in addition to any other accounts being configured in this policy.
>
> Not including the Local Service account will result in failure with the following error:
>
@@ -447,11 +463,13 @@ GP Info:
**UserRights/CreateGlobalObjects**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -470,6 +488,7 @@ GP Info:
This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they don't have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Assign this user right to trusted users only.
@@ -488,11 +507,13 @@ GP Info:
**UserRights/CreatePageFile**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -527,11 +548,13 @@ GP Info:
**UserRights/CreatePermanentSharedObjects**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -566,11 +589,13 @@ GP Info:
**UserRights/CreateSymbolicLinks**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -589,8 +614,10 @@ GP Info:
This user right determines if the user can create a symbolic link from the computer they're signed in to.
+
> [!CAUTION]
> This privilege should be given to trusted users only. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them.
+
> [!NOTE]
> This setting can be used in conjunction with a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links.
@@ -609,11 +636,13 @@ GP Info:
**UserRights/CreateToken**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -632,6 +661,7 @@ GP Info:
This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it's necessary, don't assign this user right to a user, group, or process other than Local System.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system.
@@ -650,11 +680,13 @@ GP Info:
**UserRights/DebugPrograms**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -673,6 +705,7 @@ GP Info:
This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications don't need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Assign this user right to trusted users only.
@@ -691,11 +724,13 @@ GP Info:
**UserRights/DenyAccessFromNetwork**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -713,7 +748,7 @@ GP Info:
-This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies.
+This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access to this computer from the network policy setting if a user account is subject to both policies.
@@ -730,11 +765,13 @@ GP Info:
**UserRights/DenyLocalLogOn**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -772,11 +809,13 @@ GP Info:
**UserRights/DenyRemoteDesktopServicesLogOn**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -811,11 +850,13 @@ GP Info:
**UserRights/EnableDelegation**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -834,6 +875,7 @@ GP Info:
This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account doesn't have the Account can't be delegated account control flag set.
+
> [!CAUTION]
> Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources.
@@ -852,11 +894,13 @@ GP Info:
**UserRights/GenerateSecurityAudits**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -891,11 +935,13 @@ GP Info:
**UserRights/ImpersonateClient**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -914,14 +960,19 @@ GP Info:
Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Assign this user right to trusted users only.
+
> [!NOTE]
> By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist.
-1) The access token that is being impersonated is for this user.
-2) The user, in this sign-in session, created the access token by signing in to the network with explicit credentials.
-3) The requested level is less than Impersonate, such as Anonymous or Identify.
+
+1. The access token that is being impersonated is for this user.
+1. The user, in this sign-in session, created the access token by signing in to the network with explicit credentials.
+1. The requested level is less than Impersonate, such as Anonymous or Identify.
+
Because of these factors, users don't usually need this user right.
+
> [!WARNING]
> If you enable this setting, programs that previously had the Impersonate privilege might lose it, and they might not run.
@@ -940,11 +991,13 @@ GP Info:
**UserRights/IncreaseSchedulingPriority**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -984,11 +1037,13 @@ GP Info:
**UserRights/LoadUnloadDeviceDrivers**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1007,6 +1062,7 @@ GP Info:
This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right doesn't apply to Plug and Play device drivers. It's recommended that you don't assign this privilege to other users.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system.
@@ -1025,11 +1081,13 @@ GP Info:
**UserRights/LockMemory**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1064,11 +1122,13 @@ GP Info:
**UserRights/ManageAuditingAndSecurityLog**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1103,11 +1163,13 @@ GP Info:
**UserRights/ManageVolume**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1125,7 +1187,7 @@ GP Info:
-This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data.
+This user right determines which users and groups can run maintenance tasks on a volume, such as remote de-fragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data.
@@ -1142,11 +1204,13 @@ GP Info:
**UserRights/ModifyFirmwareEnvironment**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1165,6 +1229,7 @@ GP Info:
This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should be modified only by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.
+
> [!NOTE]
> This security setting doesn't affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.
@@ -1183,11 +1248,13 @@ GP Info:
**UserRights/ModifyObjectLabel**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1222,11 +1289,13 @@ GP Info:
**UserRights/ProfileSingleProcess**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1261,11 +1330,13 @@ GP Info:
**UserRights/RemoteShutdown**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1300,11 +1371,13 @@ GP Info:
**UserRights/RestoreFilesAndDirectories**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1323,6 +1396,7 @@ GP Info:
This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and it determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system: Traverse Folder/Execute File, Write.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, assign this user right to trusted users only.
@@ -1341,11 +1415,13 @@ GP Info:
**UserRights/TakeOwnership**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1364,6 +1440,7 @@ GP Info:
This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Since owners of objects have full control of them, assign this user right to trusted users only.
@@ -1378,3 +1455,7 @@ GP Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
index 2ca5d714a9..4d39b65348 100644
--- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
+++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
@@ -28,18 +28,19 @@ manager: dansimp
-
**VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -57,7 +58,7 @@ manager: dansimp
-Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs).
+Allows the IT admin to control the state of Hypervisor-Protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs).
>[!NOTE]
>After the policy is pushed, a system reboot will be required to change the state of HVCI.
@@ -66,9 +67,9 @@ Allows the IT admin to control the state of Hypervisor-protected Code Integrity
The following are the supported values:
-- 0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock
-- 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock
-- 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock
+- 0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock.
+- 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock.
+- 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.
@@ -84,11 +85,13 @@ The following are the supported values:
**VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -106,7 +109,7 @@ The following are the supported values:
-Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs).
+Allows the IT admin to control the state of Hypervisor-Protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs).
>[!NOTE]
>After the policy is pushed, a system reboot will be required to change the state of HVCI.
@@ -116,8 +119,8 @@ Allows the IT admin to control the state of Hypervisor-protected Code Integrity
The following are the supported values:
-- 0: (Disabled) Do not require UEFI Memory Attributes Table
-- 1: (Enabled) Require UEFI Memory Attributes Table
+- 0: (Disabled) Do not require UEFI Memory Attributes Table.
+- 1: (Enabled) Require UEFI Memory Attributes Table.
@@ -131,3 +134,6 @@ The following are the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 0f2a4df17d..5306104d5c 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -69,6 +69,7 @@ This policy has been deprecated.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -119,6 +120,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -169,6 +171,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -214,6 +217,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -256,6 +260,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -296,6 +301,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md
index 1dc3fde74d..5f934b05bd 100644
--- a/windows/client-management/mdm/policy-csp-windowsautopilot.md
+++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md
@@ -39,6 +39,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -72,3 +73,6 @@ This policy enables Windows Autopilot to be kept up-to-date during the out-of-bo
+
+## Related topics
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index dd72a9ae8b..efce371108 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - WindowsConnectionManager
-
-
@@ -34,11 +32,13 @@ manager: dansimp
**WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,23 +60,25 @@ This policy setting prevents computers from connecting to both a domain-based ne
If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances:
-Automatic connection attempts
+Automatic connection attempts:
+
- When the computer is already connected to a domain-based network, all automatic connection attempts to non-domain networks are blocked.
- When the computer is already connected to a non-domain-based network, automatic connection attempts to domain-based networks are blocked.
-Manual connection attempts
-- When the computer is already connected to either a non-domain-based network or a domain-based network over media other than Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed.
-- When the computer is already connected to either a non-domain-based network or a domain-based network over Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked.
+Manual connection attempts:
+
+- When the computer is already connected to either a non-domain-based network or a domain-based network over media other than Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, then an existing network connection is disconnected and the manual connection is allowed.
+- When the computer is already connected to either a non-domain-based network or a domain-based network over Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, then an existing Ethernet connection is maintained and the manual connection attempt is blocked.
If this policy setting isn't configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -89,6 +91,8 @@ ADMX Info:
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index f7a519d956..665a0824e5 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -14,10 +14,10 @@ manager: dansimp
# Policy CSP - WindowsDefenderSecurityCenter
-
+
## WindowsDefenderSecurityCenter policies
@@ -89,18 +89,19 @@ manager: dansimp
-
**WindowsDefenderSecurityCenter/CompanyName**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -120,10 +121,12 @@ manager: dansimp
The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display the contact options.
-Value type is string. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is string.
+- Supported operations are Add, Get, Replace and Delete.
+
ADMX Info:
- GP Friendly name: *Specify contact company name*
- GP name: *EnterpriseCustomization_CompanyName*
@@ -140,11 +143,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/DisableAccountProtectionUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -188,11 +193,13 @@ Valid values:
**WindowsDefenderSecurityCenter/DisableAppBrowserUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -212,7 +219,8 @@ Valid values:
Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -238,11 +246,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableClearTpmButton**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -262,14 +272,9 @@ The following list shows the supported values:
Disable the Clear TPM button in Windows Security.
-Enabled:
-The Clear TPM button will be unavailable for use.
-
-Disabled:
-The Clear TPM button will be available for use on supported systems.
-
-Not configured:
-Same as Disabled.
+- Enabled: The Clear TPM button will be unavailable for use.
+- Disabled: The Clear TPM button will be available for use on supported systems.
+- Not configured: Same as Disabled.
Supported values:
@@ -302,11 +307,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/DisableDeviceSecurityUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -350,11 +357,13 @@ Valid values:
**WindowsDefenderSecurityCenter/DisableEnhancedNotifications**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -377,7 +386,8 @@ Use this policy if you want Windows Defender Security Center to only display not
> [!NOTE]
> If Suppress notification is enabled then users won't see critical or non-critical messages.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -403,11 +413,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableFamilyUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -427,7 +439,8 @@ The following list shows the supported values:
Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -453,11 +466,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableHealthUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -477,7 +492,8 @@ The following list shows the supported values:
Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -503,11 +519,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableNetworkUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -527,7 +545,8 @@ The following list shows the supported values:
Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -553,11 +572,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableNotifications**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -577,7 +598,8 @@ The following list shows the supported values:
Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or don't configure this setting, Windows Defender Security Center notifications will display on devices.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -603,11 +625,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -627,14 +651,9 @@ The following list shows the supported values:
Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected.
-Enabled:
-Users won't be shown a recommendation to update their TPM Firmware.
-
-Disabled:
-Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware.
-
-Not configured:
-Same as Disabled.
+- Enabled: Users won't be shown a recommendation to update their TPM Firmware.
+- Disabled: Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware.
+- Not configured: Same as Disabled.
Supported values:
@@ -667,11 +686,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/DisableVirusUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -691,7 +712,8 @@ ADMX Info:
Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -717,11 +739,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -741,7 +765,8 @@ The following list shows the supported values:
Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or don't configure this setting, local users can make changes in the exploit protection settings area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -767,11 +792,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/Email**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -789,9 +816,10 @@ The following list shows the supported values:
-The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
+The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
-Value type is string. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is string.
+- Supported operations are Add, Get, Replace and Delete.
@@ -811,11 +839,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/EnableCustomizedToasts**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -835,7 +865,8 @@ ADMX Info:
Enable this policy to display your company name and contact options in the notifications. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -861,11 +892,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/EnableInAppCustomization**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -885,7 +918,8 @@ The following list shows the supported values:
Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center won't display the contact card fly out notification.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+- Support value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -911,11 +945,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/HideRansomwareDataRecovery**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -959,11 +995,13 @@ Valid values:
**WindowsDefenderSecurityCenter/HideSecureBoot**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1007,11 +1045,13 @@ Valid values:
**WindowsDefenderSecurityCenter/HideTPMTroubleshooting**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1055,11 +1095,13 @@ Valid values:
**WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1081,14 +1123,9 @@ This policy setting hides the Windows Security notification area control.
The user needs to either sign out and sign in or reboot the computer for this setting to take effect.
-Enabled:
-Windows Security notification area control will be hidden.
-
-Disabled:
-Windows Security notification area control will be shown.
-
-Not configured:
-Same as Disabled.
+- Enabled: Windows Security notification area control will be hidden.
+- Disabled: Windows Security notification area control will be shown.
+- Not configured: Same as Disabled.
Supported values:
@@ -1121,11 +1158,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/Phone**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1143,9 +1182,10 @@ ADMX Info:
-The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
+The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -1165,11 +1205,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/URL**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1189,7 +1231,8 @@ ADMX Info:
The help portal URL that is displayed to users. The default browser is used to initiate this action. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device won't display contact options.
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -1205,3 +1248,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index 6daf010d04..b6cd4ac1ab 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -14,7 +14,6 @@ manager: dansimp
# Policy CSP - WindowsInkWorkspace
-
@@ -29,18 +28,19 @@ manager: dansimp
-
**WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -84,11 +84,13 @@ The following list shows the supported values:
**WindowsInkWorkspace/AllowWindowsInkWorkspace**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -119,7 +121,7 @@ ADMX Info:
-Value type is int. The following list shows the supported values:
+Supported value type is int. The following list shows the supported values:
- 0 - access to ink workspace is disabled. The feature is turned off.
- 1 - ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen.
@@ -131,3 +133,6 @@ Value type is int. The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 4998d7eaf9..4951a14248 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - WindowsLogon
-
-
@@ -52,18 +50,19 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
**WindowsLogon/AllowAutomaticRestartSignOn**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -120,11 +119,13 @@ ADMX Info:
**WindowsLogon/ConfigAutomaticRestartSignOn**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -181,11 +182,13 @@ ADMX Info:
**WindowsLogon/DisableLockScreenAppNotifications**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -227,11 +230,13 @@ ADMX Info:
**WindowsLogon/DontDisplayNetworkSelectionUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -298,11 +303,13 @@ ADMX Info:
**WindowsLogon/EnableFirstLogonAnimation**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -359,11 +366,13 @@ Supported values:
**WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -405,11 +414,13 @@ ADMX Info:
**WindowsLogon/HideFastUserSwitching**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -457,3 +468,6 @@ To validate on Desktop, do the following steps:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index 13e24a3f5d..2aa49f3cfb 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - WindowsPowerShell
-
-
@@ -34,11 +32,13 @@ manager: dansimp
**WindowsPowerShell/TurnOnPowerShellScriptBlockLogging**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -57,19 +57,18 @@ manager: dansimp
-This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting,
-Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation.
+This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation.
If you disable this policy setting, logging of PowerShell script input is disabled.
-If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script
-starts or stops. Enabling Invocation Logging generates a high volume of event logs.
+If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script starts or stops. Enabling Invocation Logging generates a high volume of event logs.
-Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+> [!NOTE]
+> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
@@ -86,6 +85,8 @@ ADMX Info:
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md
index 02edfd6f6e..8a946c0358 100644
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@@ -39,7 +39,6 @@ ms.date: 10/14/2020
-
@@ -48,11 +47,13 @@ ms.date: 10/14/2020
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -118,11 +119,13 @@ The following are the supported values:
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -142,7 +145,7 @@ Available in the latest Windows 10 insider preview build.
This policy setting allows the IT admin to enable or disable sharing of the host clipboard with the sandbox.
-If this policy isn't configured, end-users get the default behavior (clipboard redirection enabled.
+If this policy isn't configured, end-users get the default behavior (clipboard redirection enabled).
If clipboard sharing is disabled, a user won't be able to enable clipboard sharing from their own configuration file.
@@ -185,11 +188,13 @@ The following are the supported values:
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -250,11 +255,13 @@ The following are the supported values:
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -272,7 +279,7 @@ Available in the latest Windows 10 insider preview build.
-This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox.
+This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox.
If this policy isn't configured, end-users get the default behavior (printer sharing disabled).
@@ -316,11 +323,13 @@ The following are the supported values:
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -385,11 +394,13 @@ The following are the supported values:
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -448,3 +459,7 @@ The following are the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index ac5e6d69fd..54953f93ee 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -56,11 +56,13 @@ manager: dansimp
**WirelessDisplay/AllowMdnsAdvertisement**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,11 +98,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowMdnsDiscovery**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -136,11 +140,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowMovementDetectionOnInfrastructure**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -183,11 +189,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowProjectionFromPC**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -223,11 +231,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowProjectionFromPCOverInfrastructure**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -263,11 +273,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowProjectionToPC**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -289,7 +301,7 @@ Allow or disallow turning off the projection to a PC.
If you set it to 0 (zero), your PC isn't discoverable and you can't project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**.
-Value type is integer.
+Supported value type is integer.
@@ -315,11 +327,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowProjectionToPCOverInfrastructure**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -355,11 +369,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -395,11 +411,13 @@ The following list shows the supported values:
**WirelessDisplay/RequirePinForPairing**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -421,7 +439,7 @@ Allow or disallow requirement for a PIN for pairing.
If you turn on this policy, the pairing ceremony for new devices will always require a PIN. If you turn off this policy or don't configure it, a PIN isn't required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**.
-Value type is integer.
+Supported value type is integer.
@@ -444,3 +462,7 @@ The following list shows the supported values:
+CSP Article:
+
+## Related topics
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 4294786148..bffc844378 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -1,7 +1,6 @@
---
title: Policy DDF file
description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider.
-ms.assetid: D90791B5-A772-4AF8-B058-5D566865AF8D
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md
deleted file mode 100644
index ecef629054..0000000000
--- a/windows/client-management/mdm/policymanager-csp.md
+++ /dev/null
@@ -1,29 +0,0 @@
----
-title: PolicyManager CSP
-description: Learn how PolicyManager CSP is deprecated. For Windows 10 devices you should use Policy CSP, which replaces PolicyManager CSP.
-ms.assetid: 048427b1-6024-4660-8660-bd91c583f7f9
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: dansimp
-ms.date: 06/28/2017
----
-
-# PolicyManager CSP
-
-PolicyManager CSP is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead.
-
-
-
-## Related articles
-
-[Policy CSP](policy-configuration-service-provider.md)
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md
index 6e19fc3072..cf2bf86897 100644
--- a/windows/client-management/mdm/provisioning-csp.md
+++ b/windows/client-management/mdm/provisioning-csp.md
@@ -1,7 +1,6 @@
---
title: Provisioning CSP
description: The Provisioning configuration service provider is used for bulk user enrollment to an MDM service.
-ms.assetid: 5D6C17BE-727A-4AFA-9F30-B34C1EA1D2AE
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 06/26/2017
# Provisioning CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The Provisioning configuration service provider is used for bulk user enrollment to an MDM service.
diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md
deleted file mode 100644
index 33a8847c7f..0000000000
--- a/windows/client-management/mdm/proxy-csp.md
+++ /dev/null
@@ -1,127 +0,0 @@
----
-title: PROXY CSP
-description: Learn how the PROXY configuration service provider (CSP) is used to configure proxy connections.
-ms.assetid: 9904d44c-4a1e-4ae7-a6c7-5dba06cb16ce
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: dansimp
-ms.date: 06/26/2017
----
-
-# PROXY CSP
-
-
-The PROXY configuration service provider is used to configure proxy connections.
-
-> [!NOTE]
-> Use [CM\_ProxyEntries CSP](cm-proxyentries-csp.md) instead of PROXY CSP, which will be deprecated in a future release.
-
-This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
-
-For the PROXY CSP, you can't use the Replace command unless the node already exists.
-
-The following example shows the PROXY configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol isn't supported by this configuration service provider.
-
-```
-./Vendor/MSFT/Proxy
-----*
---------ProxyId
---------Name
---------AddrType
---------Addr
---------AddrFQDN
---------ConRefs
-------------*
-----------------ConRef
---------Domains
-------------*
-----------------DomainName
---------Ports
-------------*
-----------------PortNbr
-----------------Services
---------------------*
-------------------------ServiceName
---------ProxyType
---------ProxyParams
-------------WAP
-----------------Trust
-----------------PushEnabled
---------Ext
-------------Microsoft
-----------------Guid
-```
-
-**./Vendor/MSFT/Proxy**
-Root node for the proxy connection.
-
-***ProxyName***
-Defines the name of a proxy connection.
-
-It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two proxy connections, use "PROXY0" and "PROXY1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead).
-
-The addition, update, and deletion of this subtree of nodes have to be specified in a single atomic transaction.
-
-***ProxyName*/PROXYID**
-Specifies the unique identifier of the proxy connection.
-
-***ProxyName*/NAME**
-Specifies the user-friendly name of the proxy connection.
-
-***ProxyName*/ADDR**
-Specifies the address of the proxy server.
-
-This value may be the network name of the server, or any other string (such as an IP address) used to uniquely identify the proxy connection.
-
-***ProxyName*/ADDRTYPE**
-Specifies the type of address used to identify the proxy server.
-
-The valid values are IPV4, IPV6, E164, ALPHA.
-
-***ProxyName*/PROXYTYPE**
-Specifies the type of proxy connection.
-
-Depending on the ProxyID, the valid values are ISA, WAP, SOCKS, or NULL.
-
-***ProxyName*/Ports**
-Node for port information.
-
-***ProxyName*/Ports/_PortName_**
-Defines the name of a port.
-
-It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two ports, use "PORT0" and "PORT1" as the element names.
-
-***ProxyName*/Ports/*PortName*/PortNbr**
-Specifies the port number to be associated with the parent port.
-
-***ProxyName*/Ports/*PortName*/Services**
-Node for services information.
-
-***ProxyName*/Ports/Services/_ServiceName_**
-Defines the name of a service.
-
-It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two services, use "SERVICE0" and "SERVICE1" as the element names.
-
-***ProxyName*/Ports/Services/*ServiceName*/ServiceName**
-Specifies the protocol to be associated with the parent port.
-
-One commonly used value is "HTTP".
-
-***ProxyName*/ConRefs**
-Node for connection reference information
-
-***ProxyName*/ConRefs/_ConRefName_**
-Defines the name of a connection reference.
-
-It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two connection references, use "CONREF0" and "CONREF1" as the element names.
-
-***ProxyName*/ConRefs/*ConRefName*/ConRef**
-Specifies one single connectivity object associated with the proxy connection.
-
-## Related topics
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md
index 43c7d7baf5..5c41f9aa36 100644
--- a/windows/client-management/mdm/push-notification-windows-mdm.md
+++ b/windows/client-management/mdm/push-notification-windows-mdm.md
@@ -4,7 +4,6 @@ description: The DMClient CSP supports the ability to configure push-initiated d
MS-HAID:
- 'p\_phdevicemgmt.push\_notification\_support\_for\_device\_management'
- 'p\_phDeviceMgmt.push\_notification\_windows\_mdm'
-ms.assetid: 9031C4FE-212A-4481-A1B0-4C3190B388AE
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md
index cc8752d76b..cae3527452 100644
--- a/windows/client-management/mdm/pxlogical-csp.md
+++ b/windows/client-management/mdm/pxlogical-csp.md
@@ -1,7 +1,6 @@
---
title: PXLOGICAL configuration service provider
description: The PXLOGICAL configuration service provider is used to add, remove, or modify WAP logical and physical proxies by using WAP or the standard Windows techniques.
-ms.assetid: b5fc84d4-aa32-4edd-95f1-a6a9c0feb459
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 06/26/2017
# PXLOGICAL configuration service provider
-
The PXLOGICAL configuration service provider is used to add, remove, or modify WAP logical and physical proxies by using WAP or the standard Windows techniques.
> [!NOTE]
@@ -45,9 +43,9 @@ PXLOGICAL
-------TO-NAPID
```
-
The following example shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for updating the bootstrapping of the device. The OMA DM protocol isn't supported by this configuration service provider.
+
```console
PXLOGICAL
--PROXY-ID
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index 95d4d915de..1934327705 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -1,7 +1,6 @@
---
title: Reboot CSP
description: Learn how the Reboot configuration service provider (CSP) is used to configure reboot settings.
-ms.assetid: 4E3F1225-BBAD-40F5-A1AB-FF221B6BAF48
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,10 +13,21 @@ ms.date: 06/26/2017
# Reboot CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The Reboot configuration service provider is used to configure reboot settings.
The following shows the Reboot configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+
```
./Device/Vendor/MSFT
Reboot
@@ -26,41 +36,44 @@ Reboot
--------Single
--------DailyRecurrent
```
-**./Vendor/MSFT/Reboot**
-
The root node for the Reboot configuration service provider.
-
The supported operation is Get.
+**./Vendor/MSFT/Reboot**
+
+The root node for the Reboot configuration service provider.
+
+The supported operation is Get.
**RebootNow**
-
This node executes a reboot of the device. RebootNow triggers a reboot within 5 minutes to allow the user to wrap up any active work.
+
+This node executes a reboot of the device. RebootNow triggers a reboot within 5 minutes to allow the user to wrap up any active work.
> [!NOTE]
> If this node is set to execute during a sync session, the device will reboot at the end of the sync session.
-
The supported operations are Execute and Get.
+The supported operations are Execute and Get.
**Schedule**
-
The supported operation is Get.
+
+The supported operation is Get.
**Schedule/Single**
-
This node will execute a reboot at a scheduled date and time. The date and time value is **ISO 8601**, and both the date and time are required.
-Example to configure: 2018-10-25T18:00:00
+
+This node will execute a reboot at a scheduled date and time. The date and time value is **ISO 8601**, and both the date and time are required.
+Example to configure: 2018-10-25T18:00:00
Setting a null (empty) date will delete the existing schedule. In accordance with the ISO 8601 format, the date and time representation needs to be 0000-00-00T00:00:00.
-
The supported operations are Get, Add, Replace, and Delete.
-
-
The supported data type is "String".
+- The supported operations are Get, Add, Replace, and Delete.
+- The supported data type is "String".
**Schedule/DailyRecurrent**
-
This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00.
-Example to configure: 2018-10-25T18:00:00
-
The supported operations are Get, Add, Replace, and Delete.
+This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00.
+Example to configure: 2018-10-25T18:00:00
-
The supported data type is "String".
+- The supported operations are Get, Add, Replace, and Delete.
+- The supported data type is "String".
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md
index aa6d711c71..ec6084c3b0 100644
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@@ -1,7 +1,6 @@
---
title: Reboot DDF file
description: This topic shows the OMA DM device description framework (DDF) for the Reboot configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid: ABBD850C-E744-462C-88E7-CA3F43D80DB1
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# Reboot DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **Reboot** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -147,8 +145,7 @@ The XML below is the current version for this CSP.
## Related topics
-
-[Reboot configuration service provider](reboot-csp.md)
+[Reboot CSP](reboot-csp.md)
diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md
index 89bfa7164d..c5f35430d4 100644
--- a/windows/client-management/mdm/reclaim-seat-from-user.md
+++ b/windows/client-management/mdm/reclaim-seat-from-user.md
@@ -1,7 +1,6 @@
---
title: Reclaim seat from user
description: The Reclaim seat from user operation returns reclaimed seats for a user in the Microsoft Store for Business.
-ms.assetid: E2C3C899-D0AD-469A-A319-31A420472A4C
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
index 0d32ea3135..a51ff42cae 100644
--- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
+++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
@@ -1,7 +1,6 @@
---
title: Register your free Azure Active Directory subscription
description: Paid subscribers to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, have a free subscription to Azure AD.
-ms.assetid: 97DCD303-BB11-4AFF-84FE-B7F14CDF64F7
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md
index 51ce1f0fd5..4453fedf30 100644
--- a/windows/client-management/mdm/remotefind-csp.md
+++ b/windows/client-management/mdm/remotefind-csp.md
@@ -1,7 +1,6 @@
---
title: RemoteFind CSP
description: The RemoteFind configuration service provider retrieves the location information for a particular device.
-ms.assetid: 2EB02824-65BF-4B40-A338-672D219AF5A0
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 06/26/2017
# RemoteFind CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The RemoteFind configuration service provider retrieves the location information for a particular device.
@@ -37,21 +46,24 @@ Optional. The node accepts the requested radius value in meters. Valid values fo
The default value is 50. Replacing this value only replaces it for the current session. The value isn't retained.
-Supported operations are Replace and Get. The Add command isn't supported.
+- Supported operations are Replace and Get.
+- The Add command isn't supported.
**Timeout**
Optional. Value is DWORD in seconds.
The default value is 7, and the range is 0 to 1800 seconds. Replacing this value only replaces it for the current session. The value isn't retained.
-Supported operations are Replace and Get. The Add command isn't supported.
+- Supported operations are Replace and Get.
+- The Add command isn't supported.
**MaximumAge**
Optional. The value represents the desired time window in minutes that the server will accept a successful location retrieval. The node enables the server to set the requested age value in 100 nanoseconds. Valid values for accuracy include any integer value between 0 and 1440 minutes.
The default value is 60. Replacing this value only replaces it for the current session. The value isn't retained.
-Supported operations are Replace and Get. The Add command isn't supported.
+- Supported operations are Replace and Get.
+- The Add command isn't supported.
**Location**
Required. Nodes under this path must be queried atomically in order to succeed. This condition is to prevent servers from querying incomplete sets of data.
@@ -102,7 +114,7 @@ The default value is 0.
Supported operation is Get.
**Age**
-Required. Provides the age in 100 nanoseconds for current location data.
+Required. Provides the age in 100 nanoseconds for the current location data.
The value returned is an integer.
@@ -176,15 +188,4 @@ Supported operation is Get.
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md
index e6b61e9477..1cc00be86b 100644
--- a/windows/client-management/mdm/remotefind-ddf-file.md
+++ b/windows/client-management/mdm/remotefind-ddf-file.md
@@ -1,7 +1,6 @@
---
title: RemoteFind DDF file
description: This topic shows the OMA DM device description framework (DDF) for the RemoteFind configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid: 5864CBB8-2030-459E-BCF6-9ACB69206FEA
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# RemoteFind DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **RemoteFind** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -298,7 +296,9 @@ The XML below is the current version for this CSP.
```
-
+## Related topics
+
+[RemoteFind CSP](remotefind-csp.md)
diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md
index 548923b5fe..0e0012bb4b 100644
--- a/windows/client-management/mdm/remotering-csp.md
+++ b/windows/client-management/mdm/remotering-csp.md
@@ -1,7 +1,6 @@
---
title: RemoteRing CSP
description: The RemoteRing CSP can be used to remotely trigger a device to produce an audible ringing sound regardless of the volume that's set on the device.
-ms.assetid: 70015243-c07f-46cb-a0f9-4b4ad13a5609
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/remotering-ddf-file.md b/windows/client-management/mdm/remotering-ddf-file.md
deleted file mode 100644
index 763d8b6a90..0000000000
--- a/windows/client-management/mdm/remotering-ddf-file.md
+++ /dev/null
@@ -1,105 +0,0 @@
----
-title: RemoteRing DDF file
-description: This topic shows the OMA DM device description framework (DDF) for the RemoteRing configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid: 6815267F-212B-4370-8B72-A457E8000F7B
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: dansimp
-ms.date: 12/05/2017
----
-
-# RemoteRing DDF file
-
-
-This topic shows the OMA DM device description framework (DDF) for the **RemoteRing** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-
-The XML below is the current version for this CSP.
-
-```xml
-
-]>
-
- 1.2
-
- RemoteRing
- ./User/Vendor/MSFT
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Ring
-
-
-
-
- Required. The node accepts requests to ring the device. The supported operation is Exec
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
-
- Root
- ./Device/Vendor/MSFT
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-```
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index 1ff78fcccf..39a3e28d9e 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -1,7 +1,6 @@
---
title: RemoteWipe CSP
description: Learn how the RemoteWipe configuration service provider (CSP) can be used by mobile operators DM server or enterprise management server to remotely wipe a device.
-ms.assetid: 6e89bd37-7680-4940-8a67-11ed062ffb70
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 08/13/2018
# RemoteWipe CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely wipe a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely wiped after being lost or stolen.
@@ -40,10 +49,10 @@ Supported operation is Exec.
**doWipePersistProvisionedData**
Specifies that provisioning data should be backed up to a persistent location, and then a remote wipe of the device should be performed.
-Supported operation is Exec.
-
When used with OMA Client Provisioning, a dummy value of "1" should be included for this element.
+Supported operation is Exec.
+
The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command.
**doWipeProtected**
@@ -54,7 +63,7 @@ The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which
Supported operation is Exec.
**doWipePersistUserData**
-Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
+Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
**AutomaticRedeployment**
Added in Windows 10, version 1809. Node for the Autopilot Reset operation.
@@ -71,7 +80,7 @@ Added in Windows 10, version 1809. Status value indicating current state of an A
Supported values:
- 0: Never run (not started). The default state.
-- 1: Complete.
+- 1: Complete.
- 10: Reset has been scheduled.
- 20: Reset is scheduled and waiting for a reboot.
- 30: Failed during CSP Execute ("Exec" in SyncML).
@@ -80,7 +89,6 @@ Supported values:
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md
index b423d893d9..b78051384b 100644
--- a/windows/client-management/mdm/remotewipe-ddf-file.md
+++ b/windows/client-management/mdm/remotewipe-ddf-file.md
@@ -1,7 +1,6 @@
---
title: RemoteWipe DDF file
description: Learn about the OMA DM device description framework (DDF) for the RemoteWipe configuration service provider.
-ms.assetid: 10ec4fb7-f911-4d0c-9a8f-e96bf5faea0c
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 08/13/2018
# RemoteWipe DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **RemoteWipe** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -109,7 +107,7 @@ The XML below is the DDF for Windows 10, version 1809.
text/plain
- Exec on this node will perform a remote wipe on the device and fully clean the internal drive. In some device configurations, this command may leave the device unable to boot. The return status code shows whether the device accepted the Exec command.
+ Exec on this node will perform a remote wipe on the device, and fully clean the internal drive. In some device configurations, this command may leave the device unable to boot. The return status code shows whether the device accepted the Exec command.
@@ -221,3 +219,7 @@ The XML below is the DDF for Windows 10, version 1809.
```
+
+## Related topics
+
+[RemoteWipe CSP](remotewipe-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md
index 3167a33adc..b35de0f323 100644
--- a/windows/client-management/mdm/reporting-csp.md
+++ b/windows/client-management/mdm/reporting-csp.md
@@ -1,7 +1,6 @@
---
title: Reporting CSP
description: The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs.
-ms.assetid: 148441A6-D9E1-43D8-ADEE-FB62E85A39F7
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 06/26/2017
# Reporting CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs. This CSP was added in Windows 10, version 1511.
@@ -36,7 +45,7 @@ Reporting
```
**Reporting**
-Root node.
+The root node for the reporting configuration service provider.
**Reporting/EnterpriseDataProtection**
Interior node for retrieving the Windows Information Protection (formerly known as Enterprise Data Protection) logs.
@@ -62,37 +71,32 @@ Interior node for retrieving a specified number of logs from the StartTime. The
**Logs**
Contains the reporting logs.
-Value type is XML.
-
-Supported operation is Get.
+- Value type is XML.
+- Supported operation is Get.
**StartTime**
Specifies the starting time for retrieving logs.
-Value type is string. Use ISO 8601 format.
-
-Supported operations are Get and Replace.
+- Value type is string. Use ISO 8601 format.
+- Supported operations are Get and Replace.
**StopTime**
Specifies the ending time for retrieving logs.
-Value type is string. Use ISO 8601 format.
-
-Supported operations are Get and Replace.
+- Value type is string. Use ISO 8601 format.
+- Supported operations are Get and Replace.
**Type**
-Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this policy to retrieve the WIP learning logs.
+Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this policy to retrieve the Windows Information Protection learning logs.
-Value type is integer.
-
-Supported operations are Get and Replace.
+- Value type is integer.
+- Supported operations are Get and Replace.
**LogCount**
Specifies the number of logs to retrieve from the StartTime.
-Value type is int.
-
-Supported operations are Get and Replace.
+- Value type is int.
+- Supported operations are Get and Replace.
## Example
@@ -170,4 +174,8 @@ Retrieve a specified number of security auditing logs starting from the specifie
```
--->
\ No newline at end of file
+-->
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md
index d5d716e6bb..ac2bc0f113 100644
--- a/windows/client-management/mdm/reporting-ddf-file.md
+++ b/windows/client-management/mdm/reporting-ddf-file.md
@@ -1,7 +1,6 @@
---
title: Reporting DDF file
description: View the OMA DM device description framework (DDF) for the Reporting configuration service provider.
-ms.assetid: 7A5B79DB-9571-4F7C-ABED-D79CD08C1E35
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# Reporting DDF file
-
This topic shows the OMA DM device description framework (DDF) for the Reporting configuration service provider. This CSP was added in Windows 10, version 1511. Support for desktop security auditing was added for the desktop in Windows 10, version 1607.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -73,7 +71,7 @@ The XML below is the current version for the desktop CSP.
- A time range is supported by setting a start and stop time in ISO 8601 format. If the start/stop value is not preset and a GetValue is called to RetrieveByTimeRange then the missing values will be interpreted as either the first existing or the last existing. For example, not setting a start date and setting an end date will return all known logs that exist before the end date. Setting a start date but not an end date will return all the logs that exist from the start date. Not setting a start and end date will return all logs.
+ A time range is supported by setting a start and stop time in ISO 8601 format. If the start/stop value is not preset and a GetValue is called to RetrieveByTimeRange, then the missing values will be interpreted as either the first existing or the last existing. For example, not setting a start date, and setting an end date will return all known logs that exist before the end date. Setting a start date but not an end date will return all the logs that exist from the start date. Not setting a start and end date will return all logs.
@@ -159,7 +157,7 @@ The XML below is the current version for the desktop CSP.
0
- Specifies the type of logs to retrieve
+ Specifies the type of logs to retrieve.
@@ -181,7 +179,7 @@ The XML below is the current version for the desktop CSP.
- The count range will return the configured number of logs starting from the StartTime value. The start time is expressed in ISO8601 formt. The caller will configure the number of desired logs by calling set on the LogCount and StartTime, then retrieve the logs by calling get on Logs node. The call will return the number of desired logs or less if the total number of logs are less than the desired number of logs. The logs are returned from StartTime forward.
+ The count range will return the configured number of logs starting from the StartTime value. The start time is expressed in ISO8601 format. The caller will configure the number of desired logs by calling set on the LogCount and StartTime, and then retrieve the logs by calling get on Logs node. The call will return the number of desired logs or less, if the total number of logs are less than the desired number of logs. The logs are returned from StartTime forward.
@@ -266,7 +264,7 @@ The XML below is the current version for the desktop CSP.
0
- Specifies the type of logs to retrieve
+ Specifies the type of logs to retrieve.
@@ -286,13 +284,8 @@ The XML below is the current version for the desktop CSP.
```
-
+## Related topics
-
-
-
-
-
-
-
+[Reporting CSP](reporting-csp.md)
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
index db7f1cc835..ef51421942 100644
--- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
+++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
@@ -4,7 +4,6 @@ description: Learn how the REST API reference for Microsoft Store for Business i
MS-HAID:
- 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference'
- 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business'
-ms.assetid: 8C48A879-525A-471F-B0FD-506E743A7D2F
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md
index 3b298a1606..cbfbf19ba1 100644
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@@ -1,7 +1,6 @@
---
title: RootCATrustedCertificates CSP
description: Learn how the RootCATrustedCertificates configuration service provider (CSP) enables the enterprise to set the Root Certificate Authority (CA) certificates.
-ms.assetid: F2F25DEB-9DB3-40FB-BC3C-B816CE470D61
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,13 +13,22 @@ ms.date: 03/06/2018
# RootCATrustedCertificates CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The RootCATrustedCertificates configuration service provider enables the enterprise to set the Root Certificate Authority (CA) certificates.
> [!Note]
> The **./User/** configuration is not supported for **RootCATrustedCertificates/Root/**.
-
The following example shows the RootCATrustedCertificates configuration service provider in tree format.
Detailed specification of the principal root nodes:
@@ -61,13 +69,13 @@ RootCATrustedCertificates
------------TemplateName
```
**Device or User**
-For device certificates, use **./Device/Vendor/MSFT** path and for user certificates use **./User/Vendor/MSFT** path.
+For device certificates, use **./Device/Vendor/MSFT** path, and for user certificates use **./User/Vendor/MSFT** path.
**RootCATrustedCertificates**
The root node for the RootCATrustedCertificates configuration service provider.
**RootCATrustedCertificates/Root/**
-Defines the certificate store that contains root, or self-signed certificates, in this case, the computer store.
+Defines the certificate store that contains root or self-signed certificates, in this case, the computer store.
> [!Note]
> The **./User/** configuration is not supported for **RootCATrustedCertificates/Root/**.
@@ -89,34 +97,24 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
The following nodes are all common to the **_CertHash_** node:
-**/EncodedCertificate**
-Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. The supported operations are Add, Get, and Replace.
+- **/EncodedCertificate**
+Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. The supported operations are Add, Get, and Replace.
-**/IssuedBy**
+- **/IssuedBy**
Returns the name of the certificate issuer. This name is equivalent to the **Issuer** member in the CERT\_INFO data structure. The only supported operation is Get.
-**/IssuedTo**
+- **/IssuedTo**
Returns the name of the certificate subject. This name is equivalent to the **Subject** member in the CERT\_INFO data structure. The only supported operation is Get.
-**/ValidFrom**
+- **/ValidFrom**
Returns the starting date of the certificate's validity. This date is equivalent to the **NotBefore** member in the CERT\_INFO data structure. The only supported operation is Get.
-**/ValidTo**
+- **/ValidTo**
Returns the expiration date of the certificate. This date is equivalent to the **NotAfter** member in the CERT\_INFO data structure. The only supported operation is Get.
-**/TemplateName**
+- **/TemplateName**
Returns the certificate template name. The only supported operation is Get.
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index 78f3e0b69e..cc11893ef0 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -1,7 +1,6 @@
---
title: RootCATrustedCertificates DDF file
description: Learn about the OMA DM device description framework (DDF) for the RootCACertificates configuration service provider (CSP).
-ms.assetid: 06D8787B-D3E1-4D4B-8A21-8045A8F85C1C
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 03/07/2018
# RootCATrustedCertificates DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **RootCACertificates** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -77,7 +75,7 @@ The XML below is for Windows 10, version 1803.
- Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
@@ -127,7 +125,7 @@ The XML below is for Windows 10, version 1803.
- Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
@@ -199,7 +197,7 @@ The XML below is for Windows 10, version 1803.
- Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure.
@@ -272,7 +270,7 @@ The XML below is for Windows 10, version 1803.
- Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
@@ -319,7 +317,7 @@ The XML below is for Windows 10, version 1803.
- Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
@@ -382,7 +380,7 @@ The XML below is for Windows 10, version 1803.
- Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure.
@@ -449,7 +447,7 @@ The XML below is for Windows 10, version 1803.
- Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
@@ -499,7 +497,7 @@ The XML below is for Windows 10, version 1803.
- Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
@@ -571,7 +569,7 @@ The XML below is for Windows 10, version 1803.
- Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure.
@@ -644,7 +642,7 @@ The XML below is for Windows 10, version 1803.
- Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
@@ -694,7 +692,7 @@ The XML below is for Windows 10, version 1803.
- Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
@@ -766,7 +764,7 @@ The XML below is for Windows 10, version 1803.
- Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure.
@@ -839,7 +837,7 @@ The XML below is for Windows 10, version 1803.
- Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
@@ -889,7 +887,7 @@ The XML below is for Windows 10, version 1803.
- Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
@@ -961,7 +959,7 @@ The XML below is for Windows 10, version 1803.
- Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure.
@@ -1055,7 +1053,7 @@ The XML below is for Windows 10, version 1803.
- Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
@@ -1105,7 +1103,7 @@ The XML below is for Windows 10, version 1803.
- Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
@@ -1177,7 +1175,7 @@ The XML below is for Windows 10, version 1803.
- Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure.
@@ -1250,7 +1248,7 @@ The XML below is for Windows 10, version 1803.
- Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
@@ -1297,7 +1295,7 @@ The XML below is for Windows 10, version 1803.
- Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
@@ -1360,7 +1358,7 @@ The XML below is for Windows 10, version 1803.
- Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure.
@@ -1427,7 +1425,7 @@ The XML below is for Windows 10, version 1803.
- Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
@@ -1477,7 +1475,7 @@ The XML below is for Windows 10, version 1803.
- Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
@@ -1549,7 +1547,7 @@ The XML below is for Windows 10, version 1803.
- Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure.
@@ -1622,7 +1620,7 @@ The XML below is for Windows 10, version 1803.
- Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
@@ -1672,7 +1670,7 @@ The XML below is for Windows 10, version 1803.
- Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
@@ -1744,7 +1742,7 @@ The XML below is for Windows 10, version 1803.
- Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure.
@@ -1817,7 +1815,7 @@ The XML below is for Windows 10, version 1803.
- Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
@@ -1867,7 +1865,7 @@ The XML below is for Windows 10, version 1803.
- Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
@@ -1939,7 +1937,7 @@ The XML below is for Windows 10, version 1803.
- Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure.
@@ -1986,3 +1984,7 @@ The XML below is for Windows 10, version 1803.
```
+
+## Related topics
+
+[RootCATrustedCertificates CSP](rootcacertificates-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md
index bdc2932777..b973e23145 100644
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@@ -1,7 +1,6 @@
---
title: SecureAssessment CSP
description: Learn how the SecureAssessment configuration service provider (CSP) is used to provide configuration information for the secure assessment browser.
-ms.assetid: 6808BE4B-961E-4638-BF15-FD7841D1C00A
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,17 @@ ms.date: 06/26/2017
# SecureAssessment CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The SecureAssessment configuration service provider is used to provide configuration information for the secure assessment browser.
The following example shows the SecureAssessment configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
@@ -29,7 +39,7 @@ The root node for the SecureAssessment configuration service provider.
The supported operation is Get.
**LaunchURI**
-URI Link to an assessment that's automatically loaded when the secure assessment browser is launched.
+URI link to an assessment that's automatically loaded when the secure assessment browser is launched.
The supported operations are Add, Delete, Get, and Replace.
@@ -37,7 +47,7 @@ The supported operations are Add, Delete, Get, and Replace.
The user name of the test taking account.
- To specify a domain account, use domain\\user.
-- To specify an AAD account, use username@tenant.com.
+- To specify an Azure Active Directory account, use username@tenant.com.
- To specify a local account, use the username.
The supported operations are Add, Delete, Get, and Replace.
diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md
index 76fa3dcb8b..9c0896a99d 100644
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@@ -1,7 +1,6 @@
---
title: SecureAssessment DDF file
description: View the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML
-ms.assetid: 68D17F2A-FAEA-4608-8727-DBEC1D7BE48A
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -84,7 +83,7 @@ The XML below is the current version for this CSP.
- The user name of the test taking account. To specify a domain account, use domain\user. To specify an AAD account, use username@tenant.com. To specify a local account, use the username.
+ The user name of the test taking account. To specify a domain account, use domain\user. To specify an Azure Active Directory account, use username@tenant.com. To specify a local account, use the username.
@@ -184,12 +183,6 @@ The XML below is the current version for this CSP.
```
-
-
-
-
-
-
-
-
+## Related topics
+[SecureAssessment CSP](secureassessment-csp.md)
diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md
index 5664077e3e..0f55bf6958 100644
--- a/windows/client-management/mdm/securitypolicy-csp.md
+++ b/windows/client-management/mdm/securitypolicy-csp.md
@@ -1,7 +1,6 @@
---
title: SecurityPolicy CSP
description: The SecurityPolicy CSP is used to configure security policy settings for WAP push, OMA DM, Service Indication (SI), Service Loading (SL), and MMS.
-ms.assetid: 6014f8fe-f91b-49f3-a357-bdf625545bc9
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,15 +13,23 @@ ms.date: 06/26/2017
# SecurityPolicy CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The SecurityPolicy configuration service provider is used to configure security policy settings for WAP push, OMA Client Provisioning, OMA DM, Service Indication (SI), Service Loading (SL), and MMS.
> [!NOTE]
> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_SECURITY\_POLICIES capabilities to be accessed from a network configuration application.
-
-
-For the SecurityPolicy CSP, you can't use the Replace command unless the node already exists.
+For the SecurityPolicy CSP, you cannot use the Replace command unless the node already exists.
The following example shows the SecurityPolicy configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning.
@@ -112,7 +119,6 @@ The following security policies are supported.
## Remarks
-
Security roles allow or restrict access to device resources. The security role is based on the message origin and how the message is signed. You can assign multiple roles to a message in the security policy XML document by combining the decimal values of the roles that you want to assign. For example, to assign both the SECROLE\_KNOWN\_PPG and SECROLE\_OPERATOR\_TPS roles, use the decimal value 384 (256+128).
The following security roles are supported.
@@ -123,11 +129,8 @@ The following security roles are supported.
|SECROLE_KNOWN_PPG|256|Known Push Proxy Gateway. Messages assigned this role indicate that the device knows the address to the Push Proxy Gateway.|
|SECROLE_ANY_PUSH_SOURCE|4096|Push Router. Messages received by the push router will be assigned to this role.|
-
-
## OMA Client Provisioning examples
-
Setting a security policy:
```xml
@@ -150,7 +153,6 @@ Querying a security policy:
## OMA DM examples
-
Setting a security policy:
```xml
@@ -195,7 +197,6 @@ Querying a security policy:
## Microsoft Custom Elements
-
The following table shows the Microsoft custom elements that this Configuration Service Provider supports for OMA Client Provisioning.
|Elements|Available|
@@ -203,9 +204,6 @@ The following table shows the Microsoft custom elements that this Configuration
|parm-query|Yes|
|noparm|Yes. If this element is used, then the policy is set to 0 by default (corresponding to the most restrictive of policy values).|
-
-
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md
index 76c6a97981..f0cade5d43 100644
--- a/windows/client-management/mdm/server-requirements-windows-mdm.md
+++ b/windows/client-management/mdm/server-requirements-windows-mdm.md
@@ -4,7 +4,6 @@ description: Learn about the general server requirements for using OMA DM to man
MS-HAID:
- 'p\_phDeviceMgmt.server\_requirements\_for\_oma\_dm'
- 'p\_phDeviceMgmt.server\_requirements\_windows\_mdm'
-ms.assetid: 5b90b631-62a6-4949-b53a-01275fd304b2
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md
index 7f8d360143..f1c190ab44 100644
--- a/windows/client-management/mdm/sharedpc-csp.md
+++ b/windows/client-management/mdm/sharedpc-csp.md
@@ -1,7 +1,6 @@
---
title: SharedPC CSP
description: Learn how the SharedPC configuration service provider is used to configure settings for Shared PC usage.
-ms.assetid: 31273166-1A1E-4F96-B176-CB42ECB80957
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 01/16/2019
# SharedPC CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The SharedPC configuration service provider is used to configure settings for Shared PC usage.
@@ -57,7 +66,9 @@ A boolean value that specifies whether the policies for education environment ar
The supported operations are Add, Get, Replace, and Delete.
-The default value changed to false in Windows 10, version 1703. The default value is Not Configured and this node needs to be configured independent of EnableSharedPCMode. In Windows 10, version 1607, the value is set to True and the education environment is automatically configured when SharedPC mode is configured.
+The default value changed to false in Windows 10, version 1703. The default value is Not Configured and this node needs to be configured independent of EnableSharedPCMode.
+
+In Windows 10, version 1607, the value is set to True and the education environment is automatically configured when SharedPC mode is configured.
**SetPowerPolicies**
Optional. A boolean value that specifies that the power policies should be set when configuring SharedPC mode.
@@ -140,9 +151,9 @@ For Windows 10, version 1607, here's the list shows the supported values:
For Windows 10, version 1703, here's the list of supported values:
-- 0 - Delete immediately
-- 1 - Delete at disk space threshold
-- 2 - Delete at disk space threshold and inactive threshold
+- 0 - Delete immediately.
+- 1 - Delete at disk space threshold.
+- 2 - Delete at disk space threshold and inactive threshold.
The default value is Not Configured. Its value in the SharedPC provisioning package is 1 or 2.
@@ -181,7 +192,8 @@ The default value is Not Configured and behavior is no such restriction applied.
**KioskModeAUMID**
Added in Windows 10, version 1703. Specifies the AUMID of the app to use with assigned access. This node is optional.
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+- Value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
> [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
@@ -197,7 +209,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
**InactiveThreshold**
Added in Windows 10, version 1703. Accounts will start being deleted when they haven't been logged on during the specified period, given as number of days.
-The default value is Not Configured. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+- The default value is Not Configured.
+- Value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
The default in the SharedPC provisioning package is 30.
@@ -207,21 +221,12 @@ Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applie
> [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
-Default value is Not Configured. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+- Default value is Not Configured.
+- Value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
The default in the SharedPC provisioning package is 1024.
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index 362f24ac59..359f191981 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -1,7 +1,6 @@
---
title: SharedPC DDF file
description: Learn how the OMA DM device description framework (DDF) for the SharedPC configuration service provider (CSP).
-ms.assetid: 70234197-07D4-478E-97BB-F6C651C0B970
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# SharedPC DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **SharedPC** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -176,7 +174,7 @@ The XML below is the DDF for Windows 10, version 1703.
300
- The amount of time before the PC sleeps, giving in seconds. 0 means the PC never sleeps. Default is 5 minutes. This node is optional. If used, it needs to be set before the action on "EnableSharedPCMode" node is taken.
+ The amount of time before the PC sleeps, given in seconds. 0 means the PC never sleeps. Default is 5 minutes. This node is optional. If used, it needs to be set before the action on "EnableSharedPCMode" node is taken.
@@ -436,7 +434,6 @@ The XML below is the DDF for Windows 10, version 1703.
## Related topics
-
[SharedPC configuration service provider](sharedpc-csp.md)
diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md
index 65bbfb02c9..d9df5b94c6 100644
--- a/windows/client-management/mdm/storage-csp.md
+++ b/windows/client-management/mdm/storage-csp.md
@@ -1,7 +1,6 @@
---
title: Storage CSP
description: Learn how the Storage enterprise configuration service provider (CSP) is used to configure the storage card settings.
-ms.assetid: b19bdb54-53ed-42ce-a5a1-269379013f57
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md
index 83acf0f5a6..c5870a9cb4 100644
--- a/windows/client-management/mdm/storage-ddf-file.md
+++ b/windows/client-management/mdm/storage-ddf-file.md
@@ -1,7 +1,6 @@
---
title: Storage DDF file
description: Learn about the OMA DM device description framework (DDF) for the Storage configuration service provider (CSP).
-ms.assetid: 247062A3-4DFB-4B14-A3D1-68D02C27703C
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
index 5c0940030d..15ee879130 100644
--- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
@@ -1,7 +1,6 @@
---
title: Structure of OMA DM provisioning files
description: Learn about the structure of OMA DM provisioning files, for example how each message is composed of a header, specified by the SyncHdr element, and a message body.
-ms.assetid: 7bd3ef57-c76c-459b-b63f-c5a333ddc2bc
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index 61cb297fdf..42cfa00702 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -1,7 +1,6 @@
---
title: SUPL CSP
description: Learn how the SUPL configuration service provider (CSP) is used to configure the location client.
-ms.assetid: afad0120-1126-4fc5-8e7a-64b9f2a5eae1
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,17 @@ ms.date: 09/12/2019
# SUPL CSP
+The SUPL configuration service provider is used to configure the location client, as shown in the following:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The SUPL configuration service provider is used to configure the location client, as shown in the following table:
- **Location Service**: Connection type
@@ -32,7 +42,7 @@ The SUPL configuration service provider is used to configure the location client
- Address of the server—a mobile positioning center for non-trusted mode.
- The positioning method used by the MPC for non-trusted mode.
-The SUPL or V2 UPL connection will be reconfigured every time the device is rebooted, a new UICC is inserted, or new settings are provisioned by using OMA Client Provisioning, OMA DM, or test tools. When the device is in roaming mode, it reverts to Mobile Station Standalone mode, in which only the built–in Microsoft location components are used.
+The SUPL or V2 UPL connection will be reconfigured every time the device is rebooted. A new UICC is inserted, or new settings are provisioned by using OMA Client Provisioning, OMA DM, or test tools. When the device is in roaming mode, it reverts to Mobile Station Standalone mode, in which only the built–in Microsoft location components are used.
The following example shows the SUPL configuration service provider management object in tree format as used by OMA DM and OMA Client Provisioning.
@@ -83,7 +93,7 @@ Optional. Specifies the address of the Home SUPL Location Platform (H-SLP) serve
If this value isn't specified, the device infers the H-SLP address from the IMSI as defined in the SUPL standard. To use automatic generation of the H-SLP address based on the IMSI, the MNC length must be set correctly on the UICC. Generally, this value is 2 or 3.
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned. But the configuration service provider will continue processing the rest of the parameters.
**Version**
Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0.0, set this value to 1. For SUPL 2.0.0, set this value to 2. The default is 1. Refer to FullVersion to define the minor version and the service indicator.
@@ -94,9 +104,9 @@ Added in Windows 10, version 2004. Optional. Determines the full version (X.Y.Z
**MCCMNCPairs**
Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network don't match, the device uses the default location service and doesn't use SUPL.
-This value is a string with the format "(X1, Y1)(X2, Y2)…(Xn, Yn)", in which `X` is an MCC and `Y` is an MNC.
+This value is a string with the format `(X1, Y1)(X2, Y2)…(Xn, Yn)`, in which `X` is an MCC and `Y` is an MNC.
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
**HighAccPositioningMethod**
Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers:
@@ -110,16 +120,12 @@ Optional. Specifies the positioning method that the SUPL client will use for mob
|4|OTDOA|
|5|AFLT|
-
-
The default is 0. The default method in Windows devices provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services.
> [!IMPORTANT]
> The Mobile Station Assisted, OTDOA, and AFLT positioning methods must only be configured for test purposes.
-
-
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
**LocMasterSwitchDependencyNII**
Optional. Boolean. Specifies whether the location toggle on the **location** screen in **Settings** is also used to manage SUPL network-initiated (NI) requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. The default value is 1.
@@ -133,7 +139,6 @@ This value manages the settings for both SUPL and v2 UPL. If a device is configu
|Off|0|Yes|
|Off|1|No (unless privacyOverride is set)|
-
When the location toggle is set to Off and this value is set to 1, the following application requests will fail:
- `noNotificationNoVerification`
@@ -148,12 +153,12 @@ However, if `privacyOverride` is set in the message, the location will be return
When the location toggle is set to Off and this value is set to 0, the location toggle doesn't prevent SUPL network-initiated requests from working.
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
**NIDefaultTimeout**
-Optional. Time in seconds that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended.
+Optional. Time in seconds. It defines that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended.
-This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used.
+This value manages the settings for SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used.
**ServerAccessInterval**
Optional. Integer. Defines the minimum interval of time in seconds between mobile originated requests sent to the server to prevent overloading the mobile operator's network. The default value is 60.
@@ -216,10 +221,10 @@ Added in Windows 10, version 1809. The base 64 encoded blob of the H-SLP root ce
Required for V2 UPL for CDMA. Specifies the account settings for user plane location and IS-801 for CDMA. Only one account is supported at a given time.
**MPC**
-Optional. The address of the mobile positioning center (MPC), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter is mandatory and the PDE parameter must be empty.
+Optional. Specifies the address of the mobile positioning center (MPC), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter is mandatory and the PDE parameter must be empty.
**PDE**
-Optional. The address of the Position Determination Entity (PDE), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter must be empty.
+Optional. Specifies the address of the Position Determination Entity (PDE), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter must be empty.
**PositioningMethod\_MR**
Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers:
@@ -238,13 +243,12 @@ The default is 0. The default method provides high-quality assisted GNSS positio
> The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes.
-
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
**LocMasterSwitchDependencyNII**
Optional. Boolean. Specifies whether the location toggle on the **location** screen in **Settings** is also used to manage network-initiated requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. For CDMA devices, this value must be set to 1. The default value is 1.
-This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used.
+This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used.
|Location toggle setting|LocMasterSwitchDependencyNII setting|NI request processing allowed|
|--- |--- |--- |
@@ -267,22 +271,21 @@ However, if `privacyOverride` is set in the message, the location will be return
When the location toggle is set to Off and this value is set to 0, the location toggle doesn't prevent SUPL network-initiated requests from working.
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
**ApplicationTypeIndicator\_MR**
Required. This value must always be set to `00000011`.
**NIDefaultTimeout**
-Optional. Time in seconds that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended.
+Optional. Time in seconds. It defines that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended.
-This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used.
+This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used.
**ServerAccessInterval**
Optional. Integer. Defines the minimum interval of time in seconds between mobile originated requests sent to the server to prevent overloading the mobile operator's network. The default value is 60.
## Unsupported Nodes
-
The following optional nodes aren't supported on Windows devices.
- ProviderID
@@ -305,7 +308,6 @@ If a mobile operator requires the communication with the H-SLP to take place ove
## OMA Client Provisioning examples
-
Adding new configuration information for an H-SLP server for SUPL. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value.
```xml
@@ -330,7 +332,7 @@ Adding new configuration information for an H-SLP server for SUPL. Values in ita
```
-Adding a SUPL and a V2 UPL account to the same device. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value.
+Adding a SUPL and a V2 UPL account to the same device. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary BLOB must be included for the root certificate data value.
```xml
@@ -361,7 +363,6 @@ Adding a SUPL and a V2 UPL account to the same device. Values in italic must be
## OMA DM examples
-
Adding a SUPL account to a device. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value.
```xml
@@ -436,7 +437,6 @@ Adding a SUPL account to a device. Values in italic must be replaced with correc
## Microsoft Custom Elements
-
The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
|Elements|Available|
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index dec54b3f0a..5d250c07da 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -1,7 +1,6 @@
---
title: SUPL DDF file
description: This topic shows the OMA DM device description framework (DDF) for the SUPL configuration service provider.
-ms.assetid: 514B7854-80DC-4ED9-9805-F5276BF38034
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md
index 1e276239dd..331505d70d 100644
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@@ -1,7 +1,6 @@
---
title: SurfaceHub CSP
description: The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511.
-ms.assetid: 36FBBC32-AD6A-41F1-86BF-B384891AA693
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,9 +13,10 @@ ms.date: 07/28/2017
# SurfaceHub CSP
-The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511.
+The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511, and later.
The following example shows the SurfaceHub CSP management objects in tree format.
+
```
./Vendor/MSFT
SurfaceHub
@@ -72,13 +72,14 @@ SurfaceHub
--------WorkspaceID
--------WorkspaceKey
```
+
**./Vendor/MSFT/SurfaceHub**
-
The root node for the Surface Hub configuration service provider.
+The root node for the Surface Hub configuration service provider.
**DeviceAccount**
-
Node for setting device account information. A device account is a Microsoft Exchange account that is connected with Skype for Business, which allows people to join scheduled meetings, make Skype for Business calls, and share content from the device. See the Surface Hub administrator guide for more information about setting up a device account.
+Node for setting device account information. A device account is a Microsoft Exchange account that is connected with Skype for Business, which allows people to join scheduled meetings, make Skype for Business calls, and share content from the device. See the Surface Hub administrator guide for more information about setting up a device account.
-
To use a device account from Azure Active Directory
+To use a device account from Azure Active Directory
1. Set the UserPrincipalName (for Azure AD).
2. Set a valid Password.
@@ -89,7 +90,7 @@ SurfaceHub
> If the device cannot auto-discover the Exchange server and Session Initiation Protocol (SIP) address from this information, you should specify the ExchangeServer and SipAddress.
-
Here's a SyncML example.
+Here's a SyncML example.
```xml
@@ -139,7 +140,7 @@ SurfaceHub
```
-
To use a device account from Active Directory
+To use a device account from Active Directory:
1. Set the DomainName.
2. Set the UserName.
@@ -147,207 +148,268 @@ SurfaceHub
4. Execute the ValidateAndCommit node.
**DeviceAccount/DomainName**
-
Domain of the device account when you're using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
-
The data type is string. Supported operation is Get and Replace.
+Domain of the device account when you're using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
+
+- The data type is string.
+- Supported operation is Get and Replace.
**DeviceAccount/UserName**
-
Username of the device account when you're using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
-
The data type is string. Supported operation is Get and Replace.
+Username of the device account when you're using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
+
+- The data type is string.
+- Supported operation is Get and Replace.
**DeviceAccount/UserPrincipalName**
-
User principal name (UPN) of the device account. To use a device account from Azure Active Directory or a hybrid deployment, you should specify the UPN of the device account.
-
The data type is string. Supported operation is Get and Replace.
+User principal name (UPN) of the device account. To use a device account from Azure Active Directory or a hybrid deployment, you should specify the UPN of the device account.
+
+- The data type is string.
+- Supported operation is Get and Replace.
**DeviceAccount/SipAddress**
-
Session Initiation Protocol (SIP) address of the device account. Normally, the device will try to auto-discover the SIP. This field is only required if auto-discovery fails.
-
The data type is string. Supported operation is Get and Replace.
+Session Initiation Protocol (SIP) address of the device account. Normally, the device will try to auto-discover the SIP. This field is only required if auto-discovery fails.
+
+- The data type is string.
+- Supported operation is Get and Replace.
**DeviceAccount/Password**
-
Password for the device account.
-
The data type is string. Supported operation is Get and Replace. The operation Get is allowed, but it will always return a blank.
+Password for the device account.
+
+- The data type is string.
+- Supported operation is Get and Replace. The operation Get is allowed, but it will always return a blank.
**DeviceAccount/ValidateAndCommit**
-
This method validates the data provided and then commits the changes.
-
The data type is string. Supported operation is Execute.
+This method validates the data provided and then commits the changes.
+
+- The data type is string.
+- Supported operation is Execute.
**DeviceAccount/Email**
-
Email address of the device account.
-
The data type is string.
+Email address of the device account. The data type is string.
-**DeviceAccount/PasswordRotationEnabled**
-
Specifies whether automatic password rotation is enabled. If you enforce a password expiration policy on the device account, use this setting to allow the device to manage its own password by changing it frequently, without requiring you to manually update the account information when the password expires. You can reset the password at any time using Active Directory (or Azure AD).
+**DeviceAccount/
+PasswordRotationEnabled**
-
Valid values:
+Specifies whether automatic password rotation is enabled. If you enforce a password expiration policy on the device account, use this setting to allow the device to manage its own password by changing it frequently, without requiring you to manually update the account information when the password expires. You can reset the password at any time using Active Directory (or Azure AD).
+
+Valid values:
- 0 - password rotation enabled
- 1 - disabled
-
The data type is integer. Supported operation is Get and Replace.
+It performs the following:
+- The data type is integer.
+- Supported operation is Get and Replace.
**DeviceAccount/ExchangeServer**
-
Exchange server of the device account. Normally, the device will try to auto-discover the Exchange server. This field is only required if auto-discovery fails.
-
The data type is string. Supported operation is Get and Replace.
+Exchange server of the device account. Normally, the device will try to auto-discover the Exchange server. This field is only required if auto-discovery fails.
+
+- The data type is string.
+- Supported operation is Get and Replace.
**DeviceAccount/ExchangeModernAuthEnabled**
-
Added in KB4598291 for Windows 10, version 20H2. Specifies whether Device Account calendar sync will attempt to use token-based Modern Authentication to connect to the Exchange Server. Default value is True.
-
The data type is boolean. Supported operation is Get and Replace.
+Added in KB4598291 for Windows 10, version 20H2. Specifies, whether Device Account calendar sync will attempt to use token-based Modern Authentication to connect to the Exchange Server. Default value is True.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**DeviceAccount/CalendarSyncEnabled**
-
Specifies whether calendar sync and other Exchange server services is enabled.
-
The data type is boolean. Supported operation is Get and Replace.
+Specifies, whether calendar sync and other Exchange server services is enabled.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**DeviceAccount/ErrorContext**
If there's an error calling ValidateAndCommit, there's another context for that error in this node. Here are the possible error values:
-| ErrorContext value | Stage where error occurred | Description and suggestions |
+| **ErrorContext value** | **Stage where error occurred** | **Description and suggestions** |
| --- | --- | --- |
| 1 | Unknown | |
-| 2 | Populating account | Unable to retrieve account details using the username and password you provided.
-For Azure AD accounts, ensure that UserPrincipalName and Password are valid. -For AD accounts, ensure that DomainName, UserName, and Password are valid. -Ensure that the specified account has an Exchange server mailbox. |
+| 2 | Populating account | Unable to retrieve account details using the username and password you provided.
For Azure AD accounts, ensure that UserPrincipalName and Password are valid. For AD accounts, ensure that DomainName, UserName, and Password are valid. Ensure that the specified account has an Exchange server mailbox. |
| 3 | Populating Exchange server address | Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field. |
-| 4 | Validating Exchange server address | Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid. |
+| 4 | Validating Exchange server address | Unable to validate the Exchange server address. Ensure the ExchangeServer field is valid. |
| 5 | Saving account information | Unable to save account details to the system. |
-| 6 | Validating EAS policies | The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide. |
+| 6 | Validating EAS policies | The device account uses an unsupported EAS policy. Ensure the EAS policy is configured correctly according to the admin guide. |
-The data type is integer. Supported operation is Get.
+It performs the following:
+- The data type is integer.
+- Supported operation is Get.
**MaintenanceHoursSimple/Hours**
-
-
Node for maintenance schedule.
+Node for maintenance schedule.
**MaintenanceHoursSimple/Hours/StartTime**
-
Specifies the start time for maintenance hours in minutes from midnight. For example, to set a 2:00 am start time, set this value to 120.
-
The data type is integer. Supported operation is Get and Replace.
+Specifies the start time for maintenance hours in minutes from midnight. For example, to set a 2:00 am start time, set this value to 120.
+
+- The data type is integer.
+- Supported operation is Get and Replace.
**MaintenanceHoursSimple/Hours/Duration**
-
Specifies the duration of maintenance window in minutes. For example, to set a 3-hour duration, set this value to 180.
-
The data type is integer. Supported operation is Get and Replace.
+Specifies the duration of maintenance window in minutes. For example, to set a 3-hour duration, set this value to 180.
+
+- The data type is integer.
+- Supported operation is Get and Replace.
**InBoxApps**
-
Node for the in-box app settings.
+
+Node for the in-box app settings.
**InBoxApps/SkypeForBusiness**
-
Added in Windows 10, version 1703. Node for the Skype for Business settings.
+
+Added in Windows 10, version 1703. Node for the Skype for Business settings.
**InBoxApps/SkypeForBusiness/DomainName**
-
Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you're using Active Directory. For more information, see Set up Skype for Business Online.
-
The data type is string. Supported operation is Get and Replace.
+Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you're using Active Directory. For more information, see Set up Skype for Business Online.
+
+- The data type is string.
+- Supported operation is Get and Replace.
**InBoxApps/Welcome**
-
Node for the welcome screen.
+Node for the welcome screen.
**InBoxApps/Welcome/AutoWakeScreen**
-
Automatically turn on the screen using motion sensors.
-
The data type is boolean. Supported operation is Get and Replace.
+Automatically turn on the screen using motion sensors.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**InBoxApps/Welcome/CurrentBackgroundPath**
-
Download location for image to be used as the background during user sessions and on the welcome screen. To set this location, specify an https URL to a 32-bit PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, ensure they're valid and installed on the Hub, otherwise it may not be able to load the image.
-
The data type is string. Supported operation is Get and Replace.
+Download location for image, to be used as the background during user sessions and on the welcome screen. To set this location, specify an https URL to a 32-bit PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, ensure they're valid and installed on the Hub. Otherwise, it may not be able to load the image.
+
+- The data type is string.
+- Supported operation is Get and Replace.
**InBoxApps/Welcome/MeetingInfoOption**
-
Meeting information displayed on the welcome screen.
-
Valid values:
+Meeting information displayed on the welcome screen.
+
+Valid values:
- 0 - Organizer and time only
- 1 - Organizer, time, and subject. Subject is hidden in private meetings.
-
The data type is integer. Supported operation is Get and Replace.
+It performs the following:
+- The data type is integer.
+- Supported operation is Get and Replace.
**InBoxApps/Whiteboard**
-
Node for the Whiteboard app settings.
+
+Node for the Whiteboard app settings.
**InBoxApps/Whiteboard/SharingDisabled**
-
Invitations to collaborate from the Whiteboard app aren't allowed.
-
The data type is boolean. Supported operation is Get and Replace.
+Invitations to collaborate from the Whiteboard app aren't allowed.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**InBoxApps/Whiteboard/SigninDisabled**
-
Sign-ins from the Whiteboard app aren't allowed.
-
The data type is boolean. Supported operation is Get and Replace.
+Sign-ins from the Whiteboard app aren't allowed.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**InBoxApps/Whiteboard/TelemeteryDisabled**
-
Telemetry collection from the Whiteboard app isn't allowed.
-
The data type is boolean. Supported operation is Get and Replace.
+Telemetry collection from the Whiteboard app isn't allowed.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**InBoxApps/WirelessProjection**
-
Node for the wireless projector app settings.
+
+Node for the wireless projector app settings.
**InBoxApps/WirelessProjection/PINRequired**
-
Users must enter a PIN to wirelessly project to the device.
-
The data type is boolean. Supported operation is Get and Replace.
+Users must enter a PIN to wireless project to the device.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**InBoxApps/WirelessProjection/Enabled**
-
Enables wireless projection to the device.
-
The data type is boolean. Supported operation is Get and Replace.
+Enables wireless projection to the device.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**InBoxApps/WirelessProjection/Channel**
-
Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification.
-|Compatibility|Values|
+Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification.
+
+|**Compatibility**|**Values**|
|--- |--- |
|Works with all Miracast senders in all regions|1, 3, 4, 5, 6, 7, 8, 9, 10, 11|
|Works with all 5ghz band Miracast senders in all regions|36, 40, 44, 48|
|Works with all 5ghz band Miracast senders in all regions except Japan|149, 153, 157, 161, 165|
+The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly, the driver will either not boot or will broadcast on the wrong channel (which senders won't be looking for).
-
The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly the driver will either not boot, or will broadcast on the wrong channel (which senders won't be looking for).
-
-
The data type is integer. Supported operation is Get and Replace.
+- The data type is integer.
+- Supported operation is Get and Replace.
**InBoxApps/Connect**
-
Added in Windows 10, version 1703. Node for the Connect app.
+
+Added in Windows 10, version 1703. Node for the Connect app.
**InBoxApps/Connect/AutoLaunch**
-
Added in Windows 10, version 1703. Specifies whether to automatically launch the Connect app whenever a projection is initiated.
-
If this setting is true, the Connect app will be automatically launched. If false, the user will need to launch the Connect app manually from the Hub’s settings.
+Added in Windows 10, version 1703. Specifies, whether to automatically launch the Connect app whenever a projection is initiated.
-
The data type is boolean. Supported operation is Get and Replace.
+If this setting is true, the Connect app will be automatically launched. If false, the user will need to launch the Connect app manually from the Hub’s settings.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**Properties**
-
Node for the device properties.
+
+Node for the device properties.
**Properties/FriendlyName**
-
Friendly name of the device. Specifies the name that users see when they want to wirelessly project to the device.
-
The data type is string. Supported operation is Get and Replace.
+Friendly name of the device. Specifies the name that users see when they want wireless project to the device.
+
+- The data type is string.
+- Supported operation is Get and Replace.
**Properties/DefaultVolume**
-
Added in Windows 10, version 1703. Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45.
-
The data type is integer. Supported operation is Get and Replace.
+Added in Windows 10, version 1703. Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45.
+
+- The data type is integer.
+- Supported operation is Get and Replace.
**Properties/DefaultAutomaticFraming**
-
Added in KB5010415 for Windows 10, version 20H2. Specifies whether the Surface Hub 2 Smart Camera feature to automatically zoom and keep users centered in the video is enabled. Default value is True.
-
The data type is boolean. Supported operation is Get and Replace.
+Added in KB5010415 for Windows 10, version 20H2. Specifies whether the Surface Hub 2 Smart Camera feature to automatically zoom and keep users centered in the video is enabled. Default value is True.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**Properties/ScreenTimeout**
-
Added in Windows 10, version 1703. Specifies the number of minutes until the Hub screen turns off.
-
The following table shows the permitted values.
+Added in Windows 10, version 1703. Specifies the number of minutes until the Hub screen turns off.
-|Value|Description|
+The following table shows the permitted values.
+
+|**Value**|**Description**|
|--- |--- |
|0|Never time out|
|1|1 minute|
@@ -361,14 +423,17 @@ The data type is integer. Supported operation is Get.
|120|2 hours|
|240|4 hours|
-
The data type is integer. Supported operation is Get and Replace.
+It performs the following:
+- The data type is integer.
+- Supported operation is Get and Replace.
**Properties/SessionTimeout**
-
Added in Windows 10, version 1703. Specifies the number of minutes until the session times out.
-
The following table shows the permitted values.
+Added in Windows 10, version 1703. Specifies the number of minutes until the session times out.
-|Value|Description|
+The following table shows the permitted values.
+
+|**Value**|**Description**|
|--- |--- |
|0|Never time out|
|1|1 minute (default)|
@@ -382,14 +447,17 @@ The data type is integer. Supported operation is Get.
|120|2 hours|
|240|4 hours|
-
The data type is integer. Supported operation is Get and Replace.
+It performs the following:
+- The data type is integer.
+- Supported operation is Get and Replace.
**Properties/SleepTimeout**
-
Added in Windows 10, version 1703. Specifies the number of minutes until the Hub enters sleep mode.
-
The following table shows the permitted values.
+Added in Windows 10, version 1703. Specifies the number of minutes until the Hub enters sleep mode.
-|Value|Description|
+The following table shows the permitted values.
+
+|**Value**|**Description**|
|--- |--- |
|0|Never time out|
|1|1 minute|
@@ -403,61 +471,84 @@ The data type is integer. Supported operation is Get.
|120|2 hours|
|240|4 hours|
-
The data type is integer. Supported operation is Get and Replace.
+It performs the following:
+- The data type is integer.
+- Supported operation is Get and Replace.
**Properties/SleepMode**
-
Added in Windows 10, version 20H2. Specifies the type of sleep mode for the Surface Hub.
-
Valid values:
+Added in Windows 10, version 20H2. Specifies the type of sleep mode for the Surface Hub.
+
+Valid values:
- 0 - Connected Standby (default)
- 1 - Hibernate
-
The data type is integer. Supported operation is Get and Replace.
+It performs the following:
+- The data type is integer.
+- Supported operation is Get and Replace.
**Properties/AllowSessionResume**
-
Added in Windows 10, version 1703. Specifies whether to allow the ability to resume a session when the session times out.
-
If this setting is true, the "Resume Session" feature will be available on the welcome screen when the screen is idle. If false, once the screen idles, the session will be automatically cleaned up as if the “End Session" feature was initiated.
+Added in Windows 10, version 1703. Specifies whether to allow the ability to resume a session when the session times out.
-
The data type is boolean. Supported operation is Get and Replace.
+If this setting is true, the "Resume Session" feature will be available on the welcome screen when the screen is idle. If false, once the screen idles, the session will be automatically cleaned up as if the “End Session" feature was initiated.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**Properties/AllowAutoProxyAuth**
-
Added in Windows 10, version 1703. Specifies whether to use the device account for proxy authentication.
-
If this setting is true, the device account will be used for proxy authentication. If false, a separate account will be used.
+Added in Windows 10, version 1703. Specifies whether to use the device account for proxy authentication.
-
The data type is boolean. Supported operation is Get and Replace.
+If this setting is true, the device account will be used for proxy authentication. If false, a separate account will be used.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**Properties/ProxyServers**
-
Added in KB4499162 for Windows 10, version 1703. Specifies FQDNs of proxy servers to provide device account credentials to before any user interaction (if AllowAutoProxyAuth is enabled). This FQDN is a semi-colon separated list of server names, without any extra prefixes (for example, https://).
-
The data type is string. Supported operation is Get and Replace.
+Added in KB4499162 for Windows 10, version 1703. Specifies FQDNs of proxy servers to provide device account credentials to before any user interaction (if AllowAutoProxyAuth is enabled). This FQDN is a semi-colon separated list of server names, without any extra prefixes (for example, https://).
+
+- The data type is string.
+- Supported operation is Get and Replace.
**Properties/DisableSigninSuggestions**
-
Added in Windows 10, version 1703. Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings.
-
If this setting is true, the sign-in dialog won't be populated. If false, the dialog will auto-populate.
+Added in Windows 10, version 1703. Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings.
-
The data type is boolean. Supported operation is Get and Replace.
+If this setting is true, the sign-in dialog won't be populated. If false, the dialog will auto-populate.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**Properties/DoNotShowMyMeetingsAndFiles**
-
Added in Windows 10, version 1703. Specifies whether to disable the "My meetings and files" feature in the Start menu, which shows the signed-in user's meetings and files from Office 365.
-
If this setting is true, the “My meetings and files” feature won't be shown. When false, the “My meetings and files” feature will be shown.
+Added in Windows 10, version 1703. Specifies whether to disable the "My meetings and files" feature in the Start menu, which shows the signed-in user's meetings and files from Office 365.
-
The data type is boolean. Supported operation is Get and Replace.
+If this setting is true, the “My meetings and files” feature won't be shown. When false, the “My meetings and files” feature will be shown.
+
+- The data type is boolean.
+- Supported operation is Get and Replace.
**MOMAgent**
-
Node for the Microsoft Operations Management Suite.
+
+Node for the Microsoft Operations Management Suite.
**MOMAgent/WorkspaceID**
-
GUID identifying the Microsoft Operations Management Suite workspace ID to collect the data. Set this GUID to an empty string to disable the MOM agent.
-
The data type is string. Supported operation is Get and Replace.
+GUID identifying the Microsoft Operations Management Suite workspace ID to collect the data. Set this GUID to an empty string to disable the MOM agent.
-**MOMAgent/WorkspaceKey**
-
Primary key for authenticating with the workspace.
+- The data type is string.
+- Supported operation is Get and Replace.
-
The data type is string. Supported operation is Get and Replace. The Get operation is allowed, but it will always return an empty string.
+**MOMAgent/WorkspaceKey**
+Primary key for authenticating with the workspace.
+
+- The data type is string.
+- Supported operation is Get and Replace. The Get operation is allowed, but it will always return an empty string.
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md
index 70ed2fa2a4..1a8a825bde 100644
--- a/windows/client-management/mdm/surfacehub-ddf-file.md
+++ b/windows/client-management/mdm/surfacehub-ddf-file.md
@@ -1,7 +1,6 @@
---
title: SurfaceHub DDF file
description: This topic shows the OMA DM device description framework (DDF) for the SurfaceHub configuration service provider. This CSP was added in Windows 10, version 1511.
-ms.assetid: D34DA1C2-09A2-4BA3-BE99-AC483C278436
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md
index 6f4815ab07..a4b4565694 100644
--- a/windows/client-management/mdm/tenantlockdown-csp.md
+++ b/windows/client-management/mdm/tenantlockdown-csp.md
@@ -13,6 +13,17 @@ manager: dansimp
# TenantLockdown CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. This CSP was added in Windows 10, version 1809.
@@ -28,16 +39,21 @@ TenantLockdown
----RequireNetworkInOOBE
```
**./Vendor/MSFT/TenantLockdown**
-The root node.
+The root node for the TenantLockdown configuration service provider.
**RequireNetworkInOOBE**
-Specifies whether to require a network connection during the out-of-box experience (OOBE) at first sign in.
+Specifies whether a network connection is required during the out-of-box experience (OOBE) at first logon.
When RequireNetworkInOOBE is true, when the device goes through OOBE at first sign in or after a reset, the user is required to choose a network before proceeding. There's no "skip for now" option.
-Value type is bool. Supported operations are Get and Replace.
+- Value type is bool.
+- Supported operations are Get and Replace.
-- True - Require network in OOBE
-- False - No network connection requirement in OOBE
+ - True - Require network in OOBE.
+ - False - No network connection requirement in OOBE.
-Example scenario: Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they're required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There's no option to skip the network connection and create a local account.
+Example scenario: Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they are required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There is no option to skip the network connection and create a local account.
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md
index af4f245a6e..e85778cb28 100644
--- a/windows/client-management/mdm/tenantlockdown-ddf.md
+++ b/windows/client-management/mdm/tenantlockdown-ddf.md
@@ -75,3 +75,7 @@ The XML below is for Windows 10, version 1809.
```
+
+## Related topics
+
+[TenantLockdown CSP](tenantlockdown-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index ee13358bb5..a95c47c94f 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -255,8 +255,6 @@ items:
items:
- name: EnterpriseAPN DDF
href: enterpriseapn-ddf.md
- - name: EnterpriseAppManagement CSP
- href: enterpriseappmanagement-csp.md
- name: EnterpriseAppVManagement CSP
href: enterpriseappvmanagement-csp.md
items:
@@ -296,11 +294,6 @@ items:
items:
- name: HealthAttestation DDF
href: healthattestation-ddf.md
- - name: Messaging CSP
- href: messaging-csp.md
- items:
- - name: Messaging DDF file
- href: messaging-ddf.md
- name: MultiSIM CSP
href: multisim-csp.md
items:
@@ -835,12 +828,8 @@ items:
href: policy-csp-windowssandbox.md
- name: WirelessDisplay
href: policy-csp-wirelessdisplay.md
- - name: PolicyManager CSP
- href: policymanager-csp.md
- name: Provisioning CSP
href: provisioning-csp.md
- - name: PROXY CSP
- href: proxy-csp.md
- name: PXLOGICAL CSP
href: pxlogical-csp.md
- name: Reboot CSP
@@ -853,11 +842,6 @@ items:
items:
- name: RemoteFind DDF file
href: remotefind-ddf-file.md
- - name: RemoteRing CSP
- href: remotering-csp.md
- items:
- - name: RemoteRing DDF file
- href: remotering-ddf-file.md
- name: RemoteWipe CSP
href: remotewipe-csp.md
items:
@@ -920,6 +904,11 @@ items:
items:
- name: UnifiedWriteFilter DDF file
href: unifiedwritefilter-ddf.md
+ - name: UniversalPrint CSP
+ href: universalprint-csp.md
+ items:
+ - name: UniversalPrint DDF file
+ href: universalprint-ddf-file.md
- name: Update CSP
href: update-csp.md
items:
@@ -963,10 +952,10 @@ items:
items:
- name: WindowsAdvancedThreatProtection DDF file
href: windowsadvancedthreatprotection-ddf.md
- - name: WindowsAutoPilot CSP
+ - name: WindowsAutopilot CSP
href: windowsautopilot-csp.md
items:
- - name: WindowsAutoPilot DDF file
+ - name: WindowsAutopilot DDF file
href: windowsautopilot-ddf-file.md
- name: WindowsDefenderApplicationGuard CSP
href: windowsdefenderapplicationguard-csp.md
diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md
index 0c7915fe7c..698e2bf85e 100644
--- a/windows/client-management/mdm/tpmpolicy-csp.md
+++ b/windows/client-management/mdm/tpmpolicy-csp.md
@@ -13,10 +13,20 @@ manager: dansimp
# TPMPolicy CSP
+The table below shows the applicability of Windows:
-The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero-exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on) from Windows and inbox applications to public IP addresses, unless directly intended by the user. This definition allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
+The TPMPolicy Configuration Service Provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
-The TPMPolicy CSP was added in Windows 10, version 1703.
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+The TPMPolicy CSP was added in Windows 10, version 1703, and later.
The following example shows the TPMPolicy configuration service provider in tree format.
```
diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md
index 8a3a6d1f58..fd47c179fa 100644
--- a/windows/client-management/mdm/uefi-csp.md
+++ b/windows/client-management/mdm/uefi-csp.md
@@ -13,8 +13,19 @@ manager: dansimp
# UEFI CSP
+The table below shows the applicability of Windows:
+
+The UEFI Configuration Service Provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809.
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
-The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809.
> [!NOTE]
> The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
@@ -51,7 +62,7 @@ Uefi
```
The following list describes the characteristics and parameters.
-**./Vendor/MSFT/Uefi**
+**./Vendor/MSFT/UEFI**
Root node.
**DeviceIdentifier**
@@ -80,7 +91,7 @@ Retrieves the binary result package of the previous Identity/Apply operation.
Supported operation is Get.
**Permissions**
-Node for settings permission operations..
+Node for settings permission operations.
**Permissions/Current**
Retrieves XML from UEFI that describes the current UEFI settings permissions.
diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md
index 1904740772..46abb8acab 100644
--- a/windows/client-management/mdm/unifiedwritefilter-csp.md
+++ b/windows/client-management/mdm/unifiedwritefilter-csp.md
@@ -1,7 +1,6 @@
---
title: UnifiedWriteFilter CSP
description: The UnifiedWriteFilter (UWF) configuration service provider allows you to remotely manage the UWF. Understand how it helps protect physical storage media.
-ms.assetid: F4716AC6-0AA5-4A67-AECE-E0F200BA95EB
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 06/26/2017
# UnifiedWriteFilter CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Windows SE|No|No|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The UnifiedWriteFilter (UWF) configuration service provider enables the IT administrator to remotely manage the UWF to help protect physical storage media including any writable storage type.
@@ -315,7 +324,6 @@ Supported operations are Get and Execute.
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md
index f91c0ba659..51a25e686a 100644
--- a/windows/client-management/mdm/unifiedwritefilter-ddf.md
+++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md
@@ -1,7 +1,6 @@
---
title: UnifiedWriteFilter DDF File
description: UnifiedWriteFilter DDF File
-ms.assetid: 23A7316E-A298-43F7-9407-A65155C8CEA6
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/universalprint-csp.md b/windows/client-management/mdm/universalprint-csp.md
new file mode 100644
index 0000000000..e7ca5d359c
--- /dev/null
+++ b/windows/client-management/mdm/universalprint-csp.md
@@ -0,0 +1,110 @@
+---
+title: UniversalPrint CSP
+description: Learn how the UniversalPrint configuration service provider (CSP) is used to install printers on Windows client devices.
+ms.author: mandia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MandiOhlinger
+ms.date: 06/02/2022
+ms.reviewer: jimwu
+manager: dougeby
+---
+
+# UniversalPrint CSP
+
+The table below shows the applicability of Windows:
+
+|Edition|Windows 11|
+|--- |--- |
+|Home|No|
+|Pro|Yes|
+|Windows SE|Yes|
+|Business|Yes|
+|Enterprise|Yes|
+|Education|Yes|
+
+The UniversalPrint configuration service provider (CSP) is used to add Universal Print-compatible printers to Windows client endpoints. Universal Print is a cloud-based printing solution that runs entirely in Microsoft Azure. It doesn't require any on-premises infrastructure. For more specific information, go to [What is Universal Print](/universal-print/fundamentals/universal-print-whatis).
+
+This CSP was added in Windows 11.
+
+The following example shows the UniversalPrint configuration service provider in tree format.
+
+```console
+./Vendor/MSFT
+PrinterProvisioning
+----UPPrinterInstalls
+-------- (PrinterSharedID)
+--------CloudDeviceID
+--------PrinterSharedName
+--------Install
+--------Status
+--------ErrorCode
+```
+
+**./Vendor/MSFT/PrinterProvisioning**
+The root node for the Universal Print PrinterProvisioning configuration service provider.
+
+**UPPrinterInstalls**
+
+This setting will install or uninstall a specific printer to a targeted user account.
+
+Valid values:
+
+- Install (default) - The printer is installed.
+- Uninstall - The printer is uninstalled.
+
+The data type is node (XML node). Supported operation is Get.
+
+**`` (PrinterSharedID)**
+
+The Share ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share ID in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
+
+The data type is node (XML node). Supported operations are Get, Add, and Delete.
+
+> [!NOTE]
+> The targeted user account must have access rights to the printer and to the Universal Print service.
+
+**CloudDeviceID**
+
+The Printer ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Printer ID in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
+
+The data type is string/text (GUID). Supported operations are Get, Add, Delete, and Replace.
+
+> [!NOTE]
+> The targeted user account must have access rights to the printer and to the Universal Print service.
+
+**PrinterSharedName**
+
+The Share Name is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share Name in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
+
+The data type is string/text. Supported operations are Get, Add, Delete, and Replace.
+
+> [!NOTE]
+> The targeted user account must have access rights to the printer and to the Universal Print service.
+
+**Install**
+
+Installs the Universal Print printer. Supports async execute.
+
+The data type is string/text (empty string). Supported operations are Get and Execute.
+
+**Status**
+
+The result status of the printer installation.
+
+Valid values:
+
+- 1 (default) - Installation completed successfully.
+- 2 - Installation is in progress after receiving execute cmd.
+- 4 - Installation failed.
+- 8 - Installation initial status
+- 32 - Unknown (not used)
+
+The data type is int. Supported operations is Get.
+
+**ErrorCode**
+
+HRESULT of the last installation returned code.
+
+The data type is int. Supported operation is Get.
diff --git a/windows/client-management/mdm/universalprint-ddf-file.md b/windows/client-management/mdm/universalprint-ddf-file.md
new file mode 100644
index 0000000000..cc624c9c29
--- /dev/null
+++ b/windows/client-management/mdm/universalprint-ddf-file.md
@@ -0,0 +1,214 @@
+---
+title: UniversalPrint DDF file
+description: UniversalPrint DDF file
+ms.author: mandia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MandiOhlinger
+ms.date: 06/02/2022
+ms.reviewer: jimwu
+manager: dougeby
+---
+
+# UniversalPrint DDF file
+
+This article shows the OMA DM device description framework (DDF) for the **UniversalPrint** configuration service provider.
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+
+The XML below is the current version for this CSP.
+
+```xml
+
+]>
+
+ 1.2
+
+ PrinterProvisioning
+ ./User/Vendor/MSFT
+
+
+
+
+ Printer Provisioning
+
+
+
+
+
+
+
+
+
+
+ com.microsoft/1.0/MDM/PrinterProvisioning
+
+
+
+ UPPrinterInstalls
+
+
+
+
+ This setting will take the action on the specified user account to install or uninstall the specified printer. Install action is selected by default.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Identifies the Universal Print printer, by its Share ID, you wish to install on the targeted user account. The printer's Share ID can be found in the printer's properties via the Universal Print portal. Note: the targeted user account must have access rights to both the printer and to the Universal Print service.
+
+
+
+
+
+
+
+
+
+ PrinterSharedID
+
+
+
+
+ PrinterSharedID from the Universal Print system, which is used to discover and install Univeral Print printer
+
+
+
+
+
+ CloudDeviceID
+
+
+
+
+
+
+
+ Identifies the Universal Print printer, by its Printer ID, you wish to install on the targeted user account. The printer's Printer ID can be found in the printer's properties via the Universal Print portal. Note: the targeted user account must have access rights to both the printer and to the Universal Print service.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Install
+
+
+
+
+
+ Support async execute. Install Universal Print printer.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Status
+
+
+
+
+ 1 finished installation successfully, 2 installation in progress after receiving execute cmd, 4 installation failed, 8 installation initial status, 32 unknown (not used).
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ErrorCode
+
+
+
+
+ HRESULT of the last installation returned code.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PrinterSharedName
+
+
+
+
+
+
+
+ Identifies the Universal Print printer, by its Share Name, you wish to install on the targeted user account. The printer's Share Name can be found in the printer's properties via the Universal Print portal. Note: the targeted user account must have access rights to both the printer and to the Universal Print service.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+```
diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md
index c728cdb027..8924365745 100644
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@@ -1,7 +1,6 @@
---
title: Update CSP
description: Learn how the Update configuration service provider (CSP) enables IT administrators to manage and control the rollout of new updates.
-ms.assetid: F1627B57-0749-47F6-A066-677FDD3D7359
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,19 @@ ms.date: 02/23/2018
# Update CSP
-The Update configuration service provider enables IT administrators to manage and control the rollout of new updates.
+The Update configuration service provider enables the IT administrators to manage and control the rollout of new updates.
+
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
> [!NOTE]
> The Update CSP functionality of 'ApprovedUpdates' is not recommended for managing desktop devices. To manage updates to desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation for the recommended policies.
@@ -62,7 +73,7 @@ The following example shows the Update configuration service provider in tree fo
> [!NOTE]
> When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list.
-
The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this presentation is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It's only necessary to approve the EULA once per EULA ID, not one per update.
+
The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update.
The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (that is, updates to the virus and spyware definitions on devices) and Security Updates (that is, product-specific updates for security-related vulnerability). The update approval list doesn't support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID.
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index efba4330c5..3daad32697 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -1,7 +1,6 @@
---
title: Update DDF file
description: Learn about the OMA DM device description framework (DDF) for the Update configuration service provider (CSP).
-ms.assetid: E236E468-88F3-402A-BA7A-834ED38DD388
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
index 7dee32b407..6d66ae073b 100644
--- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
+++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
@@ -1,7 +1,6 @@
---
title: Using PowerShell scripting with the WMI Bridge Provider
description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider.
-ms.assetid: 238D45AD-3FD8-46F9-B7FB-6AEE42BE4C08
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md
index 4e2ae5fec4..e26ae9c716 100644
--- a/windows/client-management/mdm/vpn-csp.md
+++ b/windows/client-management/mdm/vpn-csp.md
@@ -1,7 +1,6 @@
---
title: VPN CSP
description: Learn how the VPN configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
-ms.assetid: 05ca946a-1c0b-4e11-8d7e-854e14740707
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index ba5b9526f2..a59443bf05 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -1,7 +1,6 @@
---
title: VPN DDF file
description: Learn about the OMA DM device description framework (DDF) for the VPN configuration service provider (CSP).
-ms.assetid: 728FCD9C-0B8E-413B-B54A-CD72C9F2B9EE
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 07dbd492dc..053e642943 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -1,7 +1,6 @@
---
title: VPNv2 CSP
description: Learn how the VPNv2 configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
-ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2
ms.reviewer: pesmith
manager: dansimp
ms.author: dansimp
@@ -14,13 +13,23 @@ ms.date: 09/21/2021
# VPNv2 CSP
+The table below shows the applicability of Windows:
-The VPNv2 configuration service provider allows the mobile device management (MDM) server to configure the VPN profile of the device.
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+The VPNv2 configuration service provider allows the Mobile Device Management (MDM) server to configure the VPN profile of the device.
Here are the requirements for this CSP:
- VPN configuration commands must be wrapped in an Atomic block in SyncML.
-- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies.
+- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure Windows Information Protection policies.
- Instead of changing individual properties, follow these steps to make any changes:
- Send a Delete command for the ProfileName to delete the entire profile.
@@ -337,11 +346,10 @@ A sequential integer identifier that allows the ability to specify multiple apps
Supported operations include Get, Add, Replace, and Delete.
**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App**
-App Node under the Row Id.
+App Node under the Row ID.
**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Id**
-App identity, which is either an app’s package family name or file path. The type is inferred by the Id, and therefore can't be specified in the get only App/Type field
-
+App identity, which is either an app’s package family name or file path. The type is inferred by the ID, and therefore can't be specified in the get only App/Type field
**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Type**
Returns the type of **App/Id**. This value can be either of the following values:
@@ -355,9 +363,10 @@ Optional node. List of routes to be added to the routing table for the VPN inter
Every computer that runs TCP/IP makes routing decisions. These decisions are controlled by the IP routing table. Adding values under this node updates the routing table with routes for the VPN interface post connection. The values under this node represent the destination prefix of IP routes. A destination prefix consists of an IP address prefix and a prefix length.
-Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this route during connect negotiation and don't need this information in the VPN Profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile.
+Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and don't need this information in the VPN Profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile.
**VPNv2/**ProfileName**/RouteList/**routeRowId
+
A sequential integer identifier for the RouteList. This value is required if you're adding routes. Sequencing must start at 0.
Supported operations include Get, Add, Replace, and Delete.
@@ -402,7 +411,7 @@ Supported operations include Get, Add, Replace, and Delete.
Used to indicate the namespace to which the policy applies. When a Name query is issued, the DNS client compares the name in the query to all of the namespaces under DomainNameInformationList to find a match. This parameter can be one of the following types:
- FQDN - Fully qualified domain name
-- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend **.** to the DNS suffix.
+- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend.**.** to the DNS suffix.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@@ -531,9 +540,9 @@ If no inbound filter is provided, then by default all unsolicited inbound traffi
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
**VPNv2/**ProfileName**/EdpModeId**
-Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this ID is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
+Enterprise ID, which is required for connecting this VPN profile with a Windows Information Protection policy. When this ID is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
-Additionally when a connection is being established with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin doesn't have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically takes effect.
+Additionally when a connection is being established with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin doesn't have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the Windows Information Protection policies and App lists automatically takes effect.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@@ -550,7 +559,7 @@ An optional flag to enable Always On mode. This flag will automatically connect
Preserving user Always On preference
-Windows has a feature to preserve a user’s AlwaysOn preference. If a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.
+Windows has a feature to preserve a user’s AlwaysOn preference. If a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.
Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows won't check the box if the profile name exists in the below registry value in order to preserve user preference.
Key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config`
Value: AutoTriggerDisabledProfilesList
@@ -649,10 +658,10 @@ Reserved for future use.
Reserved for future use.
**VPNv2/**ProfileName**/DeviceCompliance**
-Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable AAD-based Conditional Access for VPN.
+Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable Azure Active Directory-based Conditional Access for VPN.
**VPNv2/**ProfileName**/DeviceCompliance/Enabled**
-Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory.
+Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory (AAD).
Value type is bool. Supported operations include Get, Add, Replace, and Delete.
@@ -696,7 +705,7 @@ Supported operations include Get, Add, Replace, and Delete.
Reserved for future use.
**VPNv2/**ProfileName**/NativeProfile**
-Nodes under NativeProfile are required when using a Windows Inbox VPN Protocol (IKEv2, PPTP, L2TP).
+Nodes under NativeProfile are required when using a Windows Inbox VPN Protocol (IKEv2, PPTP, and L2TP).
**VPNv2/**ProfileName**/NativeProfile/Servers**
Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com.
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index 7ac4734a65..d94de5b3c6 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -1,7 +1,6 @@
---
title: VPNv2 DDF file
description: This topic shows the OMA DM device description framework (DDF) for the VPNv2 configuration service provider.
-ms.assetid: 4E2F36B7-D2EE-4F48-AD1A-6BDE7E72CC94
ms.reviewer: pesmith
manager: dansimp
ms.author: dansimp
@@ -1403,7 +1402,7 @@ The XML below is for Windows 10, version 2004.
- Nodes under DeviceCompliance can be used to enable AAD based Conditional Access for VPN
+ Nodes under DeviceCompliance can be used to enable Azure Active Directory based Conditional Access for VPN
@@ -1426,7 +1425,7 @@ The XML below is for Windows 10, version 2004.
- Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory
+ Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory
@@ -3593,7 +3592,7 @@ The XML below is for Windows 10, version 2004.
- Nodes under DeviceCompliance can be used to enable AAD based Conditional Access for VPN
+ Nodes under DeviceCompliance can be used to enable Azure Active Directory based Conditional Access for VPN
@@ -3616,7 +3615,7 @@ The XML below is for Windows 10, version 2004.
- Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory
+ Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory
diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md
index d318a8734b..b1daeaf543 100644
--- a/windows/client-management/mdm/vpnv2-profile-xsd.md
+++ b/windows/client-management/mdm/vpnv2-profile-xsd.md
@@ -1,7 +1,6 @@
---
title: ProfileXML XSD
description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples.
-ms.assetid: 2F32E14B-F9B9-4760-AE94-E57F1D4DFDB3
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -442,3 +441,7 @@ Here's the XSD for the ProfileXML node in the VPNv2 CSP and VpnManagementAgent::
```
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md
index fca8b3674b..a8d705d870 100644
--- a/windows/client-management/mdm/w4-application-csp.md
+++ b/windows/client-management/mdm/w4-application-csp.md
@@ -1,7 +1,6 @@
---
title: w4 APPLICATION CSP
description: Use an APPLICATION configuration service provider (CSP) that has an APPID of w4 to configure Multimedia Messaging Service (MMS).
-ms.assetid: ef42b82a-1f04-49e4-8a48-bd4e439fc43a
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 06/26/2017
# w4 APPLICATION CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
Use an **APPLICATION** configuration service provider that has an APPID of w4 to configure Multimedia Messaging Service (MMS).
@@ -43,11 +52,10 @@ Optional. Specifies a user–readable application identity. This parameter is al
This parameter takes a string value. The possible values to configure the NAME parameter are:
- Character string containing the name.
-
- no value specified
> [!NOTE]
-> The APPLICATION/NAME value is displayed in the UI. The APPLICATION/NAME value might not be saved on the device. So after an upgrade, the MDM servers should resend APPLICATION/NAME to DMAcc.
+> The APPLICATION/NAME value is displayed in the UI. The APPLICATION/NAME value might not be saved on the device. Hence, after an upgrade, the MDM servers should resend APPLICATION/NAME to DMAcc.
If no value is specified, the registry location will default to ``.
@@ -65,9 +73,7 @@ Required. Specifies the network access point identification name (NAPID) defined
Required. Specifies the address of the MMS application server, as a string. The possible values to configure the ADDR parameter are:
- A Uniform Resource Identifier (URI)
-
- An IPv4 address represented in decimal format with dots as delimiters
-
- A fully qualified Internet domain name
**MS**
diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md
index 139c2e3cfd..cf703e5dca 100644
--- a/windows/client-management/mdm/w7-application-csp.md
+++ b/windows/client-management/mdm/w7-application-csp.md
@@ -1,7 +1,6 @@
---
title: w7 APPLICATION CSP
description: Learn that the APPLICATION configuration service provider (CSP) that has an APPID of w7 is used for bootstrapping a device with an OMA DM account.
-ms.assetid: 10f8aa16-5c89-455d-adcd-d7fb45d4e768
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,11 +13,21 @@ ms.date: 06/26/2017
# w7 APPLICATION CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The APPLICATION configuration service provider that has an APPID of w7 is used for bootstrapping a device with an OMA DM account. Although this configuration service provider is used to set up an OMA DM account, it's managed over OMA Client Provisioning.
-> **Note** This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.
-
+> [!Note]
+> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.
The following shows the configuration service provider in tree format as used by OMA Client Provisioning.
@@ -51,11 +60,10 @@ APPLICATION
---SSLCLIENTCERTSEARCHCRITERIA
```
-> **Note** All parm names and characteristic types are case sensitive and must use all uppercase.
+> [!Note]
+> All parameter names and characteristic types are case sensitive and must use all uppercase.
Both APPSRV and CLIENT credentials must be provided in provisioning XML.
-
-
**APPADDR**
This characteristic is used in the w7 APPLICATION characteristic to specify the DM server address.
@@ -99,10 +107,8 @@ Optional. The AAUTHTYPE parameter of the APPAUTH characteristic is used to get o
Valid values:
-- BASIC - specifies that the SyncML DM 'syncml:auth-basic' authentication type.
-
-- DIGEST - specifies that the SyncML DM 'syncml:auth-md5' authentication type.
-
+- BASIC - Specifies that the SyncML DM 'syncml:auth-basic' authentication type.
+- DIGEST - Specifies that the SyncML DM 'syncml:auth-md5' authentication type.
- When AAUTHLEVEL is CLIENT, then AAUTHTYPE must be DIGEST. When AAUTHLEVEL is APPSRV, AAUTHTYPE can be BASIC or DIGEST.
**APPID**
@@ -111,9 +117,9 @@ Required. The APPID parameter is used in the APPLICATION characteristic to diffe
**BACKCOMPATRETRYDISABLED**
Optional. The BACKCOMPATRETRYDISABLED parameter is used in the APPLICATION characteristic to specify whether to retry resending a package with an older protocol version (for example, 1.1) in the SyncHdr (not including the first time).
-> **Note** This parameter doesn't contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled.
+> [!Note]
+> This parameter doesn't contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled.
-
**CONNRETRYFREQ**
Optional. The CONNRETRYFREQ parameter is used in the APPLICATION characteristic to specify how many retries the DM client performs when there are Connection Manager-level or WinInet-level errors. This parameter takes a numeric value in string format. The default value is “3”. You can set this parameter.
@@ -124,17 +130,16 @@ Optional. The DEFAULTENCODING parameter is used in the APPLICATION characteristi
The valid values are:
- application/vnd.syncml.dm+xml (Default)
-
- application/vnd.syncml.dm+wbxml
**INIT**
Optional. The INIT parameter is used in the APPLICATION characteristic to indicate that the management server wants the client to initiate a management session immediately after settings approval. If the current w7 APPLICATION document will be put in ROM, the INIT parameter must not be present.
-> **Note** This node is only for mobile operators and MDM servers that try to use this will fail. This node isn't supported in the enterprise MDM enrollment scenario.
+> [!Note]
+> This node is only for mobile operators and MDM servers that try to use this will fail. This node isn't supported in the enterprise MDM enrollment scenario.
This parameter forces the device to attempt to connect with the OMA DM server. The connection attempt fails if the XML is set during the coldinit phase. A common cause of this failure is that immediately after coldinit is finished the radio isn't yet ready.
-
**INITIALBACKOFFTIME**
Optional. The INITIALBACKOFFTIME parameter is used in the APPLICATION characteristic to specify the initial wait time in milliseconds when the DM client retries for the first time. The wait time grows exponentially. This parameter takes a numeric value in string format. The default value is “16000”. You can get or set this parameter.
@@ -152,7 +157,6 @@ Optional. The PROTOVER parameter is used in the APPLICATION characteristic to sp
Possible values:
- 1.1
-
- 1.2
**PROVIDER-ID**
@@ -168,7 +172,6 @@ Optional. The TO-NAPID parameter is used in the APPLICATION characteristic to sp
Optional. The USEHWDEVID parameter is used in the APPLICATION characteristic to specify use of device hardware identification. It doesn't have a value.
- If the parameter isn't present, the default behavior is to use an application-specific GUID used rather than the hardware device ID.
-
- If the parameter is present, the hardware device ID will be provided at the **./DevInfo/DevID** node and in the Source LocURI for the DM package sent to the server. International Mobile Subscriber Identity (IMEI) is returned for a GSM device.
**SSLCLIENTCERTSEARCHCRITERIA**
@@ -179,12 +182,11 @@ The string is a concatenation of name/value pairs, each member of the pair delim
The supported names are Subject and Stores; wildcard certificate search isn't supported.
Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name isn't case sensitive.
-
-> **Note** %EF%80%80 is the UTF8-encoded character U+F000.
-
+Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following:
-Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following syntax:
+> [!Note]
+> `%EF%80%80` is the UTF8-encoded character U+F000.
```xml
[!WARNING]
> Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
@@ -41,11 +51,10 @@ WiFi
---------WiFiCost
```
-
The following list shows the characteristics and parameters.
**Device or User profile**
-For user profile, use ./User/Vendor/MSFT/Wifi path and for device profile, use ./Device/Vendor/MSFT/Wifi path.
+For user profile, use .`/User/Vendor/MSFT/Wifi` path and for device profile, use `./Device/Vendor/MSFT/Wifi` path.
**Profile**
Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is represented by a profile object. This network profile includes all the information required for the device to connect to that network – for example, the SSID, authentication and encryption methods and passphrase if there's WEP or WPA2 networks.
@@ -94,6 +103,7 @@ Supported operations are Get, Add, Delete, and Replace.
-->
**DisableInternetConnectivityChecks**
+
> [!Note]
> This node has been deprecated since Windows 10, version 1607.
@@ -101,8 +111,8 @@ Added in Windows 10, version 1511. Optional. Disable the internet connectivity c
Value type is chr.
-- True - internet connectivity check is disabled.
-- False - internet connectivity check is enabled.
+- True - internet connectivity check is disabled.
+- False - internet connectivity check is enabled.
Supported operations are Get, Add, Delete, and Replace.
@@ -139,7 +149,6 @@ Supported operations are Add, Get, Replace and Delete. Value type is integer.
## Examples
-
These XML examples show how to perform various tasks using OMA DM.
### Add a network
@@ -241,8 +250,4 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID ‘MyNetw
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index c64fc0e3c2..295832f932 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -1,7 +1,6 @@
---
title: WiFi DDF file
description: Learn about the OMA DM device description framework (DDF) for the WiFi configuration service provider (CSP).
-ms.assetid: 00DE1DA7-23DE-4871-B3F0-28EB29A62D61
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -15,11 +14,11 @@ ms.date: 06/28/2018
# WiFi DDF file
> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **WiFi** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-The XML below is for Windows 10, version 1809.
+The XML below is for Windows 10, version 1809 and later.
```xml
diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md
index a537048478..c3d3098f0a 100644
--- a/windows/client-management/mdm/win32appinventory-csp.md
+++ b/windows/client-management/mdm/win32appinventory-csp.md
@@ -1,7 +1,6 @@
---
title: Win32AppInventory CSP
description: Learn how the Win32AppInventory configuration service provider (CSP) is used to provide an inventory of installed applications on a device.
-ms.assetid: C0DEDD51-4EAD-4F8E-AEE2-CBE9658BCA22
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 06/26/2017
# Win32AppInventory CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The Win32AppInventory configuration service provider is used to provide an inventory of installed applications on a device.
diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md
index a70763abb9..cbb05d50b8 100644
--- a/windows/client-management/mdm/win32appinventory-ddf-file.md
+++ b/windows/client-management/mdm/win32appinventory-ddf-file.md
@@ -1,7 +1,6 @@
---
title: Win32AppInventory DDF file
description: Learn about the OMA DM device description framework (DDF) for the Win32AppInventory configuration service provider (CSP).
-ms.assetid: F6BCC10B-BFE4-40AB-AEEE-34679A4E15B0
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,7 +13,6 @@ ms.date: 12/05/2017
# Win32AppInventory DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **Win32AppInventory** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -274,15 +272,4 @@ The XML below is the current version for this CSP.
## Related topics
-
-[Win32AppInventory configuration service provider](win32appinventory-csp.md)
-
-
-
-
-
-
-
-
-
-
+[Win32AppInventory configuration service provider](win32appinventory-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
index 015e95075d..ea3289d926 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -11,7 +11,18 @@ ms.reviewer:
manager: dansimp
---
-# Win32CompatibilityAppraiser CSP
+# Win32CompatibilityAppraiser CSP
+
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@@ -45,52 +56,64 @@ Win32CompatibilityAppraiser
------------MostRestrictiveSetting
--------WerConnectionReport
```
+
**./Vendor/MSFT/Win32CompatibilityAppraiser**
The root node for the Win32CompatibilityAppraiser configuration service provider.
**CompatibilityAppraiser**
This represents the state of the Compatibility Appraiser.
-
**CompatibilityAppraiser/AppraiserConfigurationDiagnosis**
This represents various settings that affect whether the Compatibility Appraiser can collect and upload compatibility data.
-
**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialId**
The unique identifier specifying what organization owns this device. This helps correlate telemetry after it has been uploaded.
-Value type is string. Supported operation is Get.
+Value type is string.
+
+Supported operation is Get.
**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialIdSetAndValid**
A boolean value representing whether the CommercialId is set to a valid value. Valid values are strings in the form of GUIDs, with no surrounding braces.
-Value type is bool. Supported operation is Get.
+Value type is bool.
+
+Supported operation is Get.
**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AllTargetOsVersionsRequested**
-A boolean value representing whether the flag to request that the Compatibility Appraiser check compatibility with all possible Windows 10 versions has been set. By default, versions 1507 and 1511, and any version equal to or less than the current version, are not checked.
+A boolean value representing whether the flag to request that the Compatibility Appraiser check compatibility with all possible Windows 10 versions has been set. By default, versions 1507 and 1511, and any version equal to or less than the current version, are not checked.
-Value type is bool. Supported operation is Get.
+Value type is bool.
+
+Supported operation is Get.
**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/OsSkuIsValidForAppraiser**
A boolean value indicating whether the current Windows SKU is able to run the Compatibility Appraiser.
-Value type is bool. Supported operation is Get.
+Value type is bool.
+
+Supported operation is Get.
**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AppraiserCodeAndDataVersionsAboveMinimum**
An integer value representing whether the installed versions of the Compatibility Appraiser code and data meet the minimum requirement to provide useful data.
-The values are:
-- 0 == Neither the code nor data is of a sufficient version
-- 1 == The code version is insufficient but the data version is sufficient
-- 2 == The code version is sufficient but the data version is insufficient
-- 3 == Both the code and data are of a sufficient version
+The values are:
+
+- 0 == Neither the code nor data is of a sufficient version.
+- 1 == The code version is insufficient but the data version is sufficient.
+- 2 == The code version is sufficient but the data version is insufficient.
+- 3 == Both the code and data are of a sufficient version.
-Value type is integer. Supported operation is Get.
+Value type is integer.
+
+Supported operation is Get.
**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/RebootPending**
-A boolean value representing whether a reboot is pending on this computer. A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent.
+A boolean value representing whether a reboot is pending on this computer. A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent.
-Value type is bool. Supported operation is Get.
+Value type is bool.
+
+Supported operation is Get.
**CompatibilityAppraiser/AppraiserRunResultReport**
This provides an XML representation of the last run of Appraiser and the last runs of Appraiser of certain types or configurations.
@@ -106,45 +129,58 @@ This represents various settings that affect whether the Universal Telemetry Cli
**UniversalTelemetryClient/UtcConfigurationDiagnosis/TelemetryOptIn**
An integer value representing what level of telemetry will be uploaded.
-Value type is integer. Supported operation is Get.
+Value type is integer.
-The values are:
-- 0 == Security data will be sent
-- 1 == Basic telemetry will be sent
-- 2 == Enhanced telemetry will be sent
-- 3 == Full telemetry will be sent
+Supported operation is Get.
+
+The values are:
+
+- 0 == Security data will be sent.
+- 1 == Basic telemetry will be sent.
+- 2 == Enhanced telemetry will be sent.
+- 3 == Full telemetry will be sent.
**UniversalTelemetryClient/UtcConfigurationDiagnosis/CommercialDataOptIn**
An integer value representing whether the CommercialDataOptIn setting is allowing any data to upload.
-Value type is integer. Supported operation is Get.
+Value type is integer.
-The values are:
-- 0 == Setting is disabled
-- 1 == Setting is enabled
-- 2 == Setting is not applicable to this version of Windows
+Supported operation is Get.
+
+The values are:
+
+- 0 == Setting is disabled.
+- 1 == Setting is enabled.
+- 2 == Setting is not applicable to this version of Windows.
**UniversalTelemetryClient/UtcConfigurationDiagnosis/DiagTrackServiceRunning**
-A boolean value representing whether the DiagTrack service is running. This service must be running in order to upload UTC data.
+A boolean value representing whether the DiagTrack service is running. This service must be running in order to upload UTC data.
-Value type is bool. Supported operation is Get.
+Value type is bool.
+
+Supported operation is Get.
**UniversalTelemetryClient/UtcConfigurationDiagnosis/MsaServiceEnabled**
-A boolean value representing whether the MSA service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.
+A boolean value representing whether the Microsoft account service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.
-Value type is bool. Supported operation is Get.
+Value type is bool.
+
+Supported operation is Get.
**UniversalTelemetryClient/UtcConfigurationDiagnosis/InternetExplorerTelemetryOptIn**
-An integer value representing what websites Internet Explorer will collect telemetry data for.
+An integer value representing what websites Internet Explorer will collect telemetry data for.
-Value type is integer. Supported operation is Get.
+Value type is integer.
-The values are:
-- 0 == Telemetry collection is disabled
-- 1 == Telemetry collection is enabled for websites in the local intranet, trusted websites, and machine local zones
-- 2 == Telemetry collection is enabled for internet websites and restricted website zones
-- 3 == Telemetry collection is enabled for all websites
-- 0x7FFFFFFF == Telemetry collection is not configured
+Supported operation is Get.
+
+The values are:
+
+- 0 == Telemetry collection is disabled.
+- 1 == Telemetry collection is enabled for websites in the local intranet, trusted websites, and machine local zones.
+- 2 == Telemetry collection is enabled for internet websites and restricted website zones.
+- 3 == Telemetry collection is enabled for all websites.
+- 0x7FFFFFFF == Telemetry collection is not configured.
**UniversalTelemetryClient/UtcConnectionReport**
This provides an XML representation of the UTC connections during the most recent summary period.
@@ -160,26 +196,31 @@ This represents various settings that affect whether the Windows Error Reporting
**WindowsErrorReporting/WerConfigurationDiagnosis/WerTelemetryOptIn**
An integer value indicating the amount of WER data that will be uploaded.
-Value type integer. Supported operation is Get.
+Value type is integer.
-The values are:
-- 0 == Data will not send due to UTC opt-in
-- 1 == Data will not send due to WER opt-in
-- 2 == Basic WER data will send but not the complete set of data
-- 3 == The complete set of WER data will send
+Supported operation is Get.
+The values are:
+
+- 0 == Data will not send due to UTC opt-in.
+- 1 == Data will not send due to WER opt-in.
+- 2 == Basic WER data will send but not the complete set of data.
+- 3 == The complete set of WER data will send.
**WindowsErrorReporting/WerConfigurationDiagnosis/MostRestrictiveSetting**
An integer value representing which setting category (system telemetry, WER basic policies, WER advanced policies, and WER consent policies) is causing the overall WerTelemetryOptIn value to be restricted.
-Value type integer. Supported operation is Get.
+Value type is integer.
-The values are:
-- 0 == System telemetry settings are restricting uploads
-- 1 == WER basic policies are restricting uploads
-- 2 == WER advanced policies are restricting uploads
-- 3 == WER consent policies are restricting uploads
-- 4 == There are no restrictive settings
+Supported operation is Get.
+
+The values are:
+
+- 0 == System telemetry settings are restricting upload.
+- 1 == WER basic policies are restricting uploads.
+- 2 == WER advanced policies are restricting uploads.
+- 3 == WER consent policies are restricting uploads.
+- 4 == There are no restrictive settings.
**WindowsErrorReporting/WerConnectionReport**
This provides an XML representation of the most recent WER connections of various types.
@@ -190,7 +231,7 @@ For the report XML schema, see [Windows Error Reporting connection report](#wind
### Appraiser run result report
-```
+```xml
@@ -362,7 +403,7 @@ For the report XML schema, see [Windows Error Reporting connection report](#wind
### UTC connection report
-```
+```xml
@@ -440,7 +481,7 @@ For the report XML schema, see [Windows Error Reporting connection report](#wind
### Windows Error Reporting connection report
-```
+```xml
@@ -638,3 +679,7 @@ For the report XML schema, see [Windows Error Reporting connection report](#wind
```
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
index 05237311f1..057c668a74 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
@@ -1,6 +1,6 @@
---
title: Win32CompatibilityAppraiser DDF file
-description: XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider.
+description: Learn about the XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -14,13 +14,13 @@ manager: dansimp
# Win32CompatibilityAppraiser DDF file
> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **Win32CompatibilityAppraiser** configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is for Windows 10, version 1809.
+The XML below is for Windows 10, version 1809 and later.
```xml
@@ -98,7 +98,7 @@ The XML below is for Windows 10, version 1809.
- The unique identifier specifying what organization owns this device. This helps correlate telemetry after it has been uploaded.
+ The unique identifier specifying what organization owns this device. This helps correlate telemetry after it has been uploaded.
@@ -120,7 +120,7 @@ The XML below is for Windows 10, version 1809.
- A boolean value representing whether the CommercialId is set to a valid value. Valid values are strings in the form of GUIDs, with no surrounding braces.
+ A boolean value representing whether the CommercialId is set to a valid value. Valid values are strings in the form of GUIDs, with no surrounding braces.
@@ -142,7 +142,7 @@ The XML below is for Windows 10, version 1809.
- A boolean value representing whether the flag to request that the Compatibility Appraiser check compatibility with all possible Windows 10 versions has been set. By default, versions 1507 and 1511, and any version equal to or less than the current version, are not checked.
+ A boolean value representing whether the flag to request that the Compatibility Appraiser check compatibility with all possible Windows 10 versions has been set. By default, versions 1507 and 1511, and any version equal to or less than the current version, are not checked.
@@ -186,7 +186,7 @@ The XML below is for Windows 10, version 1809.
- An integer value representing whether the installed versions of the Compatibility Appraiser code and data meet the minimum requirement to provide useful data. The values are: 0 == "Neither the code nor data is of a sufficient version", 1 == "The code version is insufficient but the data version is sufficient", 2 == "The code version is sufficient but the data version is insufficient", and 3 == "Both the code and data are of a sufficient version".
+ An integer value representing whether the installed versions of the Compatibility Appraiser code and data meet the minimum requirement to provide useful data. The values are: 0 == "Neither the code nor data is of a sufficient version", 1 == "The code version is insufficient but the data version is sufficient", 2 == "The code version is sufficient but the data version is insufficient", and 3 == "Both the code and data are of a sufficient version".
@@ -208,7 +208,7 @@ The XML below is for Windows 10, version 1809.
- A boolean value representing whether a reboot is pending on this computer. A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent.
+ A boolean value representing whether a reboot is pending on this computer. A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent.
@@ -296,7 +296,7 @@ The XML below is for Windows 10, version 1809.
- An integer value representing what level of telemetry will be uploaded. The values are: 0 == "Security data will be sent", 1 == "Basic telemetry will be sent", 2 == "Enhanced telemetry will be sent", and 3 == "Full telemetry will be sent".
+ An integer value representing what level of telemetry will be uploaded. The values are: 0 == "Security data will be sent", 1 == "Basic telemetry will be sent", 2 == "Enhanced telemetry will be sent", and 3 == "Full telemetry will be sent".
@@ -318,7 +318,7 @@ The XML below is for Windows 10, version 1809.
- An integer value representing whether the CommercialDataOptIn setting is allowing any data to upload. The values are: 0 == "Setting is disabled", 1 == "Setting is enabled", and 2 == "Setting is not applicable to this version of Windows".
+ An integer value representing whether the CommercialDataOptIn setting is allowing any data to upload. The values are: 0 == "Setting is disabled", 1 == "Setting is enabled", and 2 == "Setting is not applicable to this version of Windows".
@@ -340,7 +340,7 @@ The XML below is for Windows 10, version 1809.
- A boolean value representing whether the DiagTrack service is running. This service must be running in order to upload UTC data.
+ A boolean value representing whether the DiagTrack service is running. This service must be running in order to upload UTC data.
@@ -362,7 +362,7 @@ The XML below is for Windows 10, version 1809.
- A boolean value representing whether the MSA service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.
+ A boolean value representing whether the MSA service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.
@@ -384,7 +384,7 @@ The XML below is for Windows 10, version 1809.
- An integer value representing what websites Internet Explorer will collect telemetry data for. The values are: 0 == "Telemetry collection is disabled", 1 == "Telemetry collection is enabled for websites in the local intranet, trusted websites, and machine local zones", 2 == "Telemetry collection is enabled for internet websites and restricted website zones", 3 == "Telemetry collection is enabled for all websites", and 0x7FFFFFFF == "Telemetry collection is not configured".
+ An integer value representing what websites Internet Explorer will collect telemetry data for. The values are: 0 == "Telemetry collection is disabled", 1 == "Telemetry collection is enabled for websites in the local intranet, trusted websites, and machine local zones", 2 == "Telemetry collection is enabled for internet websites and restricted website zones", 3 == "Telemetry collection is enabled for all websites", and 0x7FFFFFFF == "Telemetry collection is not configured".
@@ -472,7 +472,7 @@ The XML below is for Windows 10, version 1809.
- An integer value indicating the amount of WER data that will be uploaded. The values are: 0 == "Data will not send due to UTC opt-in", 1 == "Data will not send due to WER opt-in", 2 == "Basic WER data will send but not the complete set of data", and 3 == "The complete set of WER data will send".
+ An integer value indicating the amount of WER data that will be uploaded. The values are: 0 == "Data will not send due to UTC opt-in", 1 == "Data will not send due to WER opt-in", 2 == "Basic WER data will send but not the complete set of data", and 3 == "The complete set of WER data will send".
@@ -494,7 +494,7 @@ The XML below is for Windows 10, version 1809.
- An integer value representing which setting category (system telemetry, WER basic policies, WER advanced policies, and WER consent policies) is causing the overall WerTelemetryOptIn value to be restricted. The values are: 0 == "System telemetry settings are restricting uploads", 1 == "WER basic policies are restricting uploads", 2 == "WER advanced policies are restricting uploads", 3 == "WER consent policies are restricting uploads", and 4 == "There are no restrictive settings".
+ An integer value representing which setting category (system telemetry, WER basic policies, WER advanced policies, and WER consent policies) is causing the overall WerTelemetryOptIn value to be restricted. The values are: 0 == "System telemetry settings are restricting uploads", 1 == "WER basic policies are restricting uploads", 2 == "WER advanced policies are restricting uploads", 3 == "WER consent policies are restricting uploads", and 4 == "There are no restrictive settings".
@@ -537,3 +537,7 @@ The XML below is for Windows 10, version 1809.
```
+
+## Related topics
+
+[Win32CompatibilityAppraiser configuration service provider](win32compatibilityappraiser-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
index d9ef683424..6ae938bf13 100644
--- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md
+++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
@@ -4,7 +4,6 @@ description: The DM client manages the interaction between a device and a server
MS-HAID:
- 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management'
- 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings'
-ms.assetid: 92711D65-3022-4789-924B-602BE3187E23
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
index 2d7afd2ff5..153d3dd342 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
@@ -1,7 +1,6 @@
---
title: WindowsAdvancedThreatProtection CSP
description: The Windows Defender Advanced Threat Protection (WDATP) CSP allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
-ms.assetid: 6C3054CA-9890-4C08-9DB6-FBEEB74699A8
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,16 @@ ms.date: 11/01/2017
# WindowsAdvancedThreatProtection CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
The Windows Defender Advanced Threat Protection (WDATP) configuration service provider (CSP) allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
@@ -40,102 +49,101 @@ WindowsAdvancedThreatProtection
The following list describes the characteristics and parameters.
**./Device/Vendor/MSFT/WindowsAdvancedThreatProtection**
-
The root node for the Windows Defender Advanced Threat Protection configuration service provider.
+The root node for the Windows Defender Advanced Threat Protection configuration service provider.
-
Supported operation is Get.
+Supported operation is Get.
**Onboarding**
-
Sets Windows Defender Advanced Threat Protection Onboarding blob and initiates onboarding to Windows Defender Advanced Threat Protection.
+Sets Windows Defender Advanced Threat Protection Onboarding blob and initiates onboarding to Windows Defender Advanced Threat Protection.
-
The data type is a string.
+The data type is a string.
-
Supported operations are Get and Replace.
+Supported operations are Get and Replace.
**HealthState**
-
Node that represents the Windows Defender Advanced Threat Protection health state.
+Node that represents the Windows Defender Advanced Threat Protection health state.
**HealthState/LastConnected**
-
Contains the timestamp of the last successful connection.
+Contains the timestamp of the last successful connection.
-
Supported operation is Get.
+Supported operation is Get.
**HealthState/SenseIsRunning**
-
Boolean value that identifies the Windows Defender Advanced Threat Protection Sense running state.
+Boolean value that identifies the Windows Defender Advanced Threat Protection Sense running state.
-
The default value is false.
+The default value is false.
-
Supported operation is Get.
+Supported operation is Get.
**HealthState/OnboardingState**
-
Represents the onboarding state.
+Represents the onboarding state.
-
Supported operation is Get.
+Supported operation is Get.
-
The following list shows the supported values:
+The following list shows the supported values:
-- 0 (default) – Not onboarded.
-- 1 – Onboarded
+- 0 (default) – Not onboarded
+- 1 – Onboarded
**HealthState/OrgId**
-
String that represents the OrgID.
+String that represents the OrgID.
-
Supported operation is Get.
+Supported operation is Get.
**Configuration**
-
Represents Windows Defender Advanced Threat Protection configuration.
+Represents Windows Defender Advanced Threat Protection configuration.
**Configuration/SampleSharing**
-
Returns or sets the Windows Defender Advanced Threat Protection Sample Sharing configuration parameter.
+Returns or sets the Windows Defender Advanced Threat Protection Sample Sharing configuration parameter.
-
The following list shows the supported values:
+The following list shows the supported values:
- 0 – None
- 1 (default)– All
-
Supported operations are Get and Replace.
+Supported operations are Get and Replace.
**Configuration/TelemetryReportingFrequency**
-
Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency.
+Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency.
-
The following list shows the supported values:
+The following list shows the supported values:
-- 1 (default) – Normal
-- 2 - Expedite
+- 1 (default) – Normal
+- 2 - Expedite
-
Supported operations are Get and Replace.
+Supported operations are Get and Replace.
**Offboarding**
-
Sets the Windows Defender Advanced Threat Protection Offboarding blob and initiates offboarding to Windows Defender Advanced Threat Protection.
+Sets the Windows Defender Advanced Threat Protection Offboarding blob and initiates offboarding to Windows Defender Advanced Threat Protection.
-
The data type is a string.
+The data type is a string.
-
Supported operations are Get and Replace.
+Supported operations are Get and Replace.
**DeviceTagging**
-
Added in Windows 10, version 1709. Represents Windows Defender Advanced Threat Protection configuration for managing role based access and device tagging.
+Added in Windows 10, version 1709. Represents Windows Defender Advanced Threat Protection configuration for managing role based access and device tagging.
-
Supported operation is Get.
+Supported operation is Get.
**DeviceTagging/Group**
-
Added in Windows 10, version 1709. Device group identifiers.
+Added in Windows 10, version 1709. Device group identifiers.
-
The data type is a string.
+The data type is a string.
-
Supported operations are Get and Replace.
+Supported operations are Get and Replace.
**DeviceTagging/Criticality**
-
Added in Windows 10, version 1709. Asset criticality value. Supported values:
+Added in Windows 10, version 1709. Asset criticality value. Supported values:
- 0 - Normal
- 1 - Critical
-
The data type is an integer.
+The data type is an integer.
-
Supported operations are Get and Replace.
+Supported operations are Get and Replace.
## Examples
-
```xml
@@ -246,15 +254,4 @@ The following list describes the characteristics and parameters.
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
index 93b378c6f0..044557e1f2 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
@@ -1,6 +1,6 @@
---
title: WindowsAdvancedThreatProtection DDF file
-description: Learn how the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP).
+description: Learn about the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP).
ms.assetid: 0C62A790-4351-48AF-89FD-7D46C42D13E0
ms.reviewer:
manager: dansimp
@@ -14,7 +14,6 @@ ms.date: 12/05/2017
# WindowsAdvancedThreatProtection DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **WindowsAdvancedThreatProtection** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -56,7 +55,7 @@ The XML below is the current version for this CSP.
- Set Windows Defender Advanced Threat Protection Onboarding blob and initiate onboarding to Windows Defender Advanced Threat Protection
+ Set Windows Defender Advanced Threat Protection Onboarding blob and initiate onboarding to Windows Defender Advanced Threat Protection.
@@ -77,7 +76,7 @@ The XML below is the current version for this CSP.
- Represents Windows Defender Advanced Threat Protection Health State
+ Represents Windows Defender Advanced Threat Protection Health State.
@@ -119,7 +118,7 @@ The XML below is the current version for this CSP.
false
- Return Windows Defender Advanced Threat Protection service running state
+ Return Windows Defender Advanced Threat Protection service running state.
@@ -141,7 +140,7 @@ The XML below is the current version for this CSP.
0
- Return Windows Defender Advanced Threat Protection onboarding state: 0 – not onboarded; 1 - onboarded
+ Return Windows Defender Advanced Threat Protection onboarding state: 0 – not onboarded; 1 - onboarded.
@@ -184,7 +183,7 @@ The XML below is the current version for this CSP.
- Represents Windows Defender Advanced Threat Protection Configuration
+ Represents Windows Defender Advanced Threat Protection Configuration.
@@ -206,7 +205,7 @@ The XML below is the current version for this CSP.
1
- Return or set Windows Defender Advanced Threat Protection Sample Sharing configuration parameter: 0 - none, 1 - All
+ Return or set Windows Defender Advanced Threat Protection Sample Sharing configuration parameter: 0 - none, 1 - All.
@@ -229,7 +228,7 @@ The XML below is the current version for this CSP.
1
- Return or set Windows Defender Advanced Threat Protection diagnostic data reporting frequency. Allowed values are: 1 - Normal, 2 - Expedite
+ Return or set Windows Defender Advanced Threat Protection diagnostic data reporting frequency. Allowed values are: 1 - Normal, 2 - Expedite.
@@ -253,7 +252,7 @@ The XML below is the current version for this CSP.
- Set Windows Defender Advanced Threat Protection Offboarding blob and initiate offboarding
+ Set Windows Defender Advanced Threat Protection Offboarding blob and initiate offboarding.
@@ -274,7 +273,7 @@ The XML below is the current version for this CSP.
- Represents Windows Defender Advanced Threat Protection configuration for managing role base access and device tagging
+ Represents Windows Defender Advanced Threat Protection configuration for managing role base access and device tagging.
@@ -343,15 +342,4 @@ The XML below is the current version for this CSP.
## Related topics
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
-
+[WindowsAdvancedThreatProtection configuration service provider](windowsadvancedthreatprotection-csp.md)
diff --git a/windows/client-management/mdm/windowsautopilot-csp.md b/windows/client-management/mdm/windowsautopilot-csp.md
index b50c42c129..f1a5f8bb5b 100644
--- a/windows/client-management/mdm/windowsautopilot-csp.md
+++ b/windows/client-management/mdm/windowsautopilot-csp.md
@@ -1,7 +1,6 @@
---
-title: WindowsAutoPilot CSP
+title: WindowsAutopilot CSP
description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, which results in security and privacy concerns in Autopilot.
-ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6
ms.reviewer:
manager: dansimp
ms.author: v-nsatapathy
@@ -9,21 +8,38 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: dansimp
-ms.date: 02/07/2022
+ms.date: 05/09/2022
---
-# WindowsAutoPilot CSP
+# WindowsAutopilot CSP
+
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|Yes|
+|Windows SE|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-The WindowsAutopilot CSP collects hardware information about a device and formats it into a BLOB. This BLOB is used as input for calling Windows Autopilot Service to mark a device as remediation required if the device underwent a hardware change that affects its ability to use Windows Autopilot.” with “The WindowsAutopilot CSP exposes Windows Autopilot related device information.” Because the CSP description should be more general/high level.
+The WindowsAutopilot CSP exposes Windows Autopilot related device information. The WindowsAutopilot CSP collects hardware information about a device and formats it into a BLOB. This BLOB is used as input for calling Windows Autopilot Service to mark a device as remediation required if the device underwent a hardware change that affects its ability to use Windows Autopilot.
**./Vendor/MSFT/WindowsAutopilot**
-Root node. Supported operation is Get.
+Root node for the WindowsAutopilot configuration service provider.
+Supported operation is Get.
**HardwareMismatchRemediationData**
-Interior node. Supported operation is Get. Collects hardware information about a device and returns it as an encoded string. This string is used as input for calling Windows Autopilot Service to remediate a device if the device underwent a hardware change that affects its ability to use Windows Autopilot.
+Interior node for the HardwareMismatchRemediationData configuration service provider. Collects hardware information about a device and returns it as an encoded string. This string is used as input for calling Windows Autopilot Service to remediate a device if the device underwent a hardware change that affects its ability to use Windows Autopilot.
+
+Supported operation is Get.
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/windowsautopilot-ddf-file.md b/windows/client-management/mdm/windowsautopilot-ddf-file.md
index a07f24501d..d6f71e89a4 100644
--- a/windows/client-management/mdm/windowsautopilot-ddf-file.md
+++ b/windows/client-management/mdm/windowsautopilot-ddf-file.md
@@ -1,6 +1,6 @@
---
-title: WindowsAutoPilot DDF file
-description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, for the WindowsAutoPilot DDF file configuration service provider (CSP) .
+title: WindowsAutopilot DDF file
+description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, for the WindowsAutopilot DDF file configuration service provider (CSP) .
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -11,12 +11,12 @@ ms.reviewer:
manager: dansimp
---
-# WindowsAutoPilot DDF file
+# WindowsAutopilot DDF file
> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-This topic shows the device description framework (DDF) for the **WindowsAutoPilot** configuration service provider.
+This topic shows the device description framework (DDF) for the **WindowsAutopilot** configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -27,7 +27,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
- These settings enable configuration of Windows Autopilot
+ These settings enable configuration of Windows Autopilot.
@@ -74,3 +74,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
```
+
+## Related topics
+
+[WindowsAutopilot configuration service provider](windowsautopilot-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index febc8bed02..6a9c6a3055 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -13,10 +13,22 @@ manager: dansimp
# WindowsDefenderApplicationGuard CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Windows SE|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. This CSP was added in Windows 10, version 1709.
The following example shows the WindowsDefenderApplicationGuard configuration service provider in tree format.
-```
+
+```console
./Device/Vendor/MSFT
WindowsDefenderApplicationGuard
----Settings
@@ -36,6 +48,7 @@ WindowsDefenderApplicationGuard
----Audit
--------AuditApplicationGuard
```
+
**./Device/Vendor/MSFT/WindowsDefenderApplicationGuard**
Root node. Supported operation is Get.
@@ -43,30 +56,37 @@ Root node. Supported operation is Get.
Interior node. Supported operation is Get.
**Settings/AllowWindowsDefenderApplicationGuard**
-Turn on Microsoft Defender Application Guard in Enterprise Mode.
+Turn on Microsoft Defender Application Guard in Enterprise Mode.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Value type is integer.
+
+Supported operations are Add, Get, Replace, and Delete.
The following list shows the supported values:
-- 0 - Disable Microsoft Defender Application Guard
-- 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY
-- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (added in Windows 10, version 2004)
-- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (added in Windows 10, version 2004)
+
+- 0 - Disable Microsoft Defender Application Guard.
+- 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY.
+- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (added in Windows 10, version 2004).
+- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (added in Windows 10, version 2004).
**Settings/ClipboardFileType**
-Determines the type of content that can be copied from the host to Application Guard environment and vice versa.
+Determines the type of content that can be copied from the host to Application Guard environment and vice versa.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Value type is integer.
-This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
+Supported operations are Add, Get, Replace, and Delete.
+
+This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode.
The following list shows the supported values:
+
- 1 - Allow text copying.
- 2 - Allow image copying.
- 3 - Allow text and image copying.
-ADMX Info:
+ADMX Info:
+
- GP Friendly name: *Configure Microsoft Defender Application Guard clipboard settings*
- GP name: *AppHVSIClipboardFileType*
- GP path: *Windows Components/Microsoft Defender Application Guard*
@@ -76,21 +96,25 @@ ADMX Info:
**Settings/ClipboardSettings**
This policy setting allows you to decide how the clipboard behaves while in Application Guard.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Value type is integer.
-This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
+Supported operations are Add, Get, Replace, and Delete.
+
+This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode.
+
+The following list shows the supported values:
-The following list shows the supported values:
- 0 (default) - Completely turns Off the clipboard functionality for the Application Guard.
- 1 - Turns On clipboard operation from an isolated session to the host.
- 2 - Turns On clipboard operation from the host to an isolated session.
- 3 - Turns On clipboard operation in both the directions.
> [!IMPORTANT]
-> Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
+> Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
-ADMX Info:
+ADMX Info:
+
- GP Friendly name: *Configure Microsoft Defender Application Guard clipboard settings*
- GP name: *AppHVSIClipboardSettings*
- GP path: *Windows Components/Microsoft Defender Application Guard*
@@ -98,13 +122,16 @@ ADMX Info:
**Settings/PrintingSettings**
-This policy setting allows you to decide how the print functionality behaves while in Application Guard.
+This policy setting allows you to decide how the print functionality behaves while in Application Guard.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Value type is integer.
-This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
+Supported operations are Add, Get, Replace, and Delete.
-The following list shows the supported values:
+This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode.
+
+The following list shows the supported values:
+
- 0 (default) - Disables all print functionality.
- 1 - Enables only XPS printing.
- 2 - Enables only PDF printing.
@@ -123,7 +150,8 @@ The following list shows the supported values:
- 15 - Enables all printing.
-ADMX Info:
+ADMX Info:
+
- GP Friendly name: *Configure Microsoft Defender Application Guard print settings*
- GP name: *AppHVSIPrintingSettings*
- GP path: *Windows Components/Microsoft Defender Application Guard*
@@ -133,11 +161,14 @@ ADMX Info:
**Settings/BlockNonEnterpriseContent**
This policy setting allows you to decide whether websites can load non-enterprise content in Microsoft Edge and Internet Explorer.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Value type is integer.
-This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
+Supported operations are Add, Get, Replace, and Delete.
-The following list shows the supported values:
+This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode.
+
+The following list shows the supported values:
+
- 0 (default) - Non-enterprise content embedded in enterprise sites is allowed to open outside of the Microsoft Defender Application Guard container, directly in Internet Explorer and Microsoft Edge.
- 1 - Non-enterprise content embedded on enterprise sites is stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard.
@@ -145,7 +176,8 @@ The following list shows the supported values:
> This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated and removed in a future release. Webpages that contain mixed content, both enterprise and non-enterprise, may load incorrectly or fail completely if this feature is enabled.
-ADMX Info:
+ADMX Info:
+
- GP Friendly name: *Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer*
- GP name: *BlockNonEnterpriseContent*
- GP path: *Windows Components/Microsoft Defender Application Guard*
@@ -155,16 +187,18 @@ ADMX Info:
**Settings/AllowPersistence**
This policy setting allows you to decide whether data should persist across different sessions in Application Guard.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Value type is integer.
-This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
+Supported operations are Add, Get, Replace, and Delete.
The following list shows the supported values:
+
- 0 - Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user sign out.
- 1 - Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
-ADMX Info:
+ADMX Info:
+
- GP Friendly name: *Allow data persistence for Microsoft Defender Application Guard*
- GP name: *AllowPersistence*
- GP path: *Windows Components/Microsoft Defender Application Guard*
@@ -172,15 +206,18 @@ ADMX Info:
**Settings/AllowVirtualGPU**
-Added in Windows 10, version 1803. This policy setting allows you to determine whether Application Guard can use the virtual Graphics Processing Unit (GPU) to process graphics.
+Added in Windows 10, version 1803. This policy setting allows you to determine whether Application Guard can use the virtual Graphics Processing Unit (GPU) to process graphics.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Value type is integer.
-This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
+Supported operations are Add, Get, Replace, and Delete.
+
+This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode.
If you enable this setting, Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If you enable this setting without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering.
The following list shows the supported values:
+
- 0 (default) - Can't access the vGPU and uses the CPU to support rendering graphics. When the policy isn't configured, it's the same as disabled (0).
- 1 - Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This functionality can create a faster experience when working with graphics intense websites or watching video within the container.
@@ -188,7 +225,8 @@ The following list shows the supported values:
> Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.
-ADMX Info:
+ADMX Info:
+
- GP Friendly name: *Allow hardware-accelerated rendering for Microsoft Defender Application Guard*
- GP name: *AllowVirtualGPU*
- GP path: *Windows Components/Microsoft Defender Application Guard*
@@ -196,18 +234,20 @@ ADMX Info:
**Settings/SaveFilesToHost**
-Added in Windows 10, version 1803. This policy setting allows you to determine whether users can elect to download files from Edge in the container and persist files them from container to the host operating system. This policy setting also enables users to elect files on the host operating system and upload it through Edge in the container.
+Added in Windows 10, version 1803. This policy setting allows you to determine whether users can elect to download files from Edge in the container and persist files from container to the host operating system. This policy setting also enables users to elect files on the host operating system and upload it through Edge in the container.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Value type is integer.
-This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
+Supported operations are Add, Get, Replace, and Delete.
+
+The following list shows the supported values:
-The following list shows the supported values:
- 0 (default) - The user can't download files from Edge in the container to the host file system, or upload files from host file system to Edge in the container. When the policy isn't configured, it's the same as disabled (0).
- 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system.
-ADMX Info:
+ADMX Info:
+
- GP Friendly name: *Allow files to download and save to the host operating system from Microsoft Defender Application Guard*
- GP name: *SaveFilesToHost*
- GP path: *Windows Components/Microsoft Defender Application Guard*
@@ -217,9 +257,11 @@ ADMX Info:
**Settings/CertificateThumbprints**
Added in Windows 10, version 1809. This policy setting allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container.
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Value type is string.
-This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
+Supported operations are Add, Get, Replace, and Delete.
+
+This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode.
If you enable this setting, certificates with a thumbprint matching the ones specified will be transferred into the container. Multiple certificates can be specified by using a comma to separate the thumbprints for each certificate you want to transfer.
@@ -229,7 +271,8 @@ b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda92
If you disable or don’t configure this setting, certificates aren't shared with the Microsoft Defender Application Guard container.
-ADMX Info:
+ADMX Info:
+
- GP Friendly name: *Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device*
- GP name: *CertificateThumbprints*
- GP path: *Windows Components/Microsoft Defender Application Guard*
@@ -242,15 +285,18 @@ ADMX Info:
**Settings/AllowCameraMicrophoneRedirection**
Added in Windows 10, version 1809. This policy setting allows you to determine whether applications inside Microsoft Defender Application Guard can access the device’s camera and microphone when these settings are enabled on the user’s device.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Value type is integer.
-This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
+Supported operations are Add, Get, Replace, and Delete.
+
+This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode.
If you enable this policy setting, applications inside Microsoft Defender Application Guard will be able to access the camera and microphone on the user’s device.
If you disable or don't configure this policy setting, applications inside Microsoft Defender Application Guard will be unable to access the camera and microphone on the user’s device.
-The following list shows the supported values:
+The following list shows the supported values:
+
- 0 (default) - Microsoft Defender Application Guard can't access the device’s camera and microphone. When the policy isn't configured, it's the same as disabled (0).
- 1 - Turns on the functionality to allow Microsoft Defender Application Guard to access the device’s camera and microphone.
@@ -258,7 +304,8 @@ The following list shows the supported values:
> If you turn on this policy setting, a compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge. To prevent unauthorized access, we recommend that camera and microphone privacy settings be turned off on the user's device when they are not needed.
-ADMX Info:
+ADMX Info:
+
- GP Friendly name: *Allow camera and microphone access in Microsoft Defender Application Guard*
- GP name: *AllowCameraMicrophoneRedirection*
- GP path: *Windows Components/Microsoft Defender Application Guard*
@@ -268,22 +315,26 @@ ADMX Info:
**Status**
Returns bitmask that indicates status of Application Guard installation for Microsoft Edge and prerequisites on the device.
-Value type is integer. Supported operation is Get.
+Value type is integer.
-- Bit 0 - Set to 1 when Application Guard is enabled into enterprise manage mode.
-- Bit 1 - Set to 1 when the client machine is Hyper-V capable.
-- Bit 2 - Set to 1 when the client machine has a valid OS license and SKU.
-- Bit 3 - Set to 1 when Application Guard installed on the client machine.
-- Bit 4 - Set to 1 when required Network Isolation Policies are configured.
- > [!IMPORTANT]
- > If you are deploying Application Guard via Intune, Network Isolation Policy must be configured to enable Application Guard for Microsoft Edge.
-- Bit 5 - Set to 1 when the client machine meets minimum hardware requirements.
-- Bit 6 - Set to 1 when system reboot is required.
+Supported operation is Get.
+
+- Bit 0 - Set to 1 when Application Guard is enabled into enterprise manage mode.
+- Bit 1 - Set to 1 when the client machine is Hyper-V capable.
+- Bit 2 - Set to 1 when the client machine has a valid OS license and SKU.
+- Bit 3 - Set to 1 when Application Guard installed on the client machine.
+- Bit 4 - Set to 1 when required Network Isolation Policies are configured.
+ > [!IMPORTANT]
+ > If you are deploying Application Guard via Intune, Network Isolation Policy must be configured to enable Application Guard for Microsoft Edge.
+- Bit 5 - Set to 1 when the client machine meets minimum hardware requirements.
+- Bit 6 - Set to 1 when system reboot is required.
**PlatformStatus**
Added in Windows 10, version 2004. Applies to Microsoft Office/Generic platform. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device.
-Value type is integer. Supported operation is Get.
+Value type is integer.
+
+Supported operation is Get.
- Bit 0 - Set to 1 when Application Guard is enabled into enterprise manage mode.
- Bit 1 - Set to 1 when the client machine is Hyper-V capable.
@@ -297,7 +348,8 @@ Initiates remote installation of Application Guard feature.
Supported operations are Get and Execute.
-The following list shows the supported values:
+The following list shows the supported values:
+
- Install - Will initiate feature install.
- Uninstall - Will initiate feature uninstall.
@@ -305,20 +357,28 @@ The following list shows the supported values:
Interior node. Supported operation is Get.
**Audit/AuditApplicationGuard**
-This policy setting allows you to decide whether auditing events can be collected from Application Guard.
+This policy setting allows you to decide whether auditing events can be collected from Application Guard.
-Value type in integer. Supported operations are Add, Get, Replace, and Delete.
+Value type in integer.
-This policy setting is supported on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
+Supported operations are Add, Get, Replace, and Delete.
-The following list shows the supported values:
+This policy setting is supported on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode.
+
+The following list shows the supported values:
+
- 0 (default) - Audit event logs aren't collected for Application Guard.
- 1 - Application Guard inherits its auditing policies from system and starts to audit security events for Application Guard container.
-ADMX Info:
+ADMX Info:
+
- GP Friendly name: *Allow auditing events in Microsoft Defender Application Guard*
- GP name: *AuditApplicationGuard*
- GP path: *Windows Components/Microsoft Defender Application Guard*
- GP ADMX file name: *AppHVSI.admx*
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index c4c0409389..d910c1b600 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -1,6 +1,6 @@
---
title: WindowsDefenderApplicationGuard DDF file
-description: learn about the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard DDF file configuration service provider (CSP).
+description: Learn about the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard DDF file configuration service provider (CSP).
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -14,13 +14,13 @@ manager: dansimp
# WindowsDefenderApplicationGuard DDF file
> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **WindowsDefenderApplicationGuard** configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-This XML is for Windows 10, version 1809.
+This XML is for Windows 10, version 1809 and later.
```xml
@@ -481,3 +481,7 @@ This XML is for Windows 10, version 1809.
```
+
+## Related topics
+
+[WindowsDefenderApplicationGuard configuration service provider](windowsdefenderapplicationguard-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index 0789764ab1..0345c70924 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -1,7 +1,6 @@
---
title: WindowsLicensing CSP
description: Learn how the WindowsLicensing configuration service provider (CSP) is designed for licensing related management scenarios.
-ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -14,6 +13,17 @@ ms.date: 08/15/2018
# WindowsLicensing CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@@ -40,6 +50,7 @@ WindowsLicensing
--------SwitchFromSMode (Added in Windows 10, version 1809)
--------Status (Added in Windows 10, version 1809)
```
+
**./Device/Vendor/MSFT/WindowsLicensing**
This node is the root node for the WindowsLicensing configuration service provider.
@@ -51,21 +62,17 @@ Enters a product key for an edition upgrade of Windows 10 desktop devices.
> [!NOTE]
> This upgrade process requires a system restart.
-
-
The date type is a chr.
The supported operation is Exec.
-When a product key is pushed from an MDM server to a user's device, **changepk.exe** runs using the product key. After it completes, a notification is shown to the user that a new edition of Windows 10 is available. The user can then restart their system manually or, after two hours, the device will restart automatically to complete the upgrade. The user will receive a reminder notification 10 minutes before the automatic restart.
+When a product key is pushed from an MDM server to a user's device, **changepk.exe** runs using the product key. After it completes, a notification is shown to the user that a new edition of Windows 10 is available. The user can then restart their system manually or after two hours, the device will restart automatically to complete the upgrade. The user will receive a reminder notification 10 minutes before the automatic restart.
After the device restarts, the edition upgrade process completes. The user will receive a notification of the successful upgrade.
> [!IMPORTANT]
> If another policy requires a system reboot that occurs when **changepk.exe** is running, the edition upgrade will fail.
-
-
If a product key is entered in a provisioning package and the user begins installation of the package, a notification is shown to the user that their system will restart to complete the package installation. Upon explicit consent from the user to proceed, the package continues installation and **changepk.exe** runs using the product key. The user will receive a reminder notification 30 seconds before the automatic restart.
After the device restarts, the edition upgrade process completes. The user will receive a notification of the successful upgrade.
@@ -75,24 +82,22 @@ This node can also be used to activate or change a product key on a particular e
> [!IMPORTANT]
> The product key entered must be 29 characters (that is, it should include dashes), otherwise the activation, edition upgrade, or product key change on Windows 10 desktop devices will fail. The product key is acquired from Microsoft Volume Licensing Service Center. Your organization must have a Volume Licensing contract with Microsoft to access the portal.
-
-
The following are valid edition upgrade paths when using this node through an MDM:
-- Windows 10 Enterprise to Windows 10 Education
-- Windows 10 Home to Windows 10 Education
-- Windows 10 Pro to Windows 10 Education
-- Windows 10 Pro to Windows 10 Enterprise
+- Windows 10/Windows 11 Enterprise to Windows 10/ Windows 11 Education
+- Windows 10/Windows 11 Home to Windows 10/Windows 11 Education
+- Windows 10/Windows 11 Pro to Windows 10/Windows 11 Education
+- Windows 10/Windows 11 Pro to Windows 10/Windows 11 Enterprise
Activation or changing a product key can be carried out on the following editions:
-- Windows 10 Education
-- Windows 10 Enterprise
-- Windows 10 Home
-- Windows 10 Pro
+- Windows 10/Windows 11 Education
+- Windows 10/Windows 11 Enterprise
+- Windows 10/Windows 11 Home
+- Windows 10/Windows 11 Pro
**Edition**
-Returns a value that maps to the Windows 10 edition. Take the value, convert it into its hexadecimal equivalent and search the GetProductInfo function page on MSDN for edition information.
+Returns a value that maps to the Windows 10 or Windows 11 edition. Take the value, convert it into its hexadecimal equivalent and search the GetProductInfo function page on MSDN for edition information.
The data type is an Int.
@@ -101,11 +106,11 @@ The supported operation is Get.
**Status**
Returns the status of an edition upgrade on Windows devices. The status corresponds to one of the following values:
-- 0 = Failed
-- 1 = Pending
-- 2 = In progress
-- 3 = Completed
-- 4 = Unknown
+- 0 = Failed
+- 1 = Pending
+- 2 = In progress
+- 3 = Completed
+- 4 = Unknown
The data type is an Int.
@@ -136,23 +141,23 @@ The following are valid edition upgrade paths when using this node through an MD
-->
**LicenseKeyType**
-Returns the parameter type used by Windows 10 devices for an edition upgrade, activation, or product key change.
+Returns the parameter type used by Windows 10 or Windows 11 devices for an edition upgrade, activation, or product key change.
-- Windows 10 client devices require a product key.
+- Windows 10 or Windows 11 client devices require a product key.
The data type is a chr.
The supported operation is Get.
**CheckApplicability**
-Returns TRUE if the entered product key can be used for an edition upgrade, activation or changing a product key of Windows 10 for desktop devices.
+Returns TRUE if the entered product key can be used for an edition upgrade, activation or changing a product key of Windows 10 or Windows 11 for desktop devices.
The data type is a chr.
The supported operation is Exec.
**ChangeProductKey**
-Added in Windows 10, version 1703. Installs a product key for Windows 10 desktop devices. Doesn't reboot.
+Added in Windows 10, version 1703. Installs a product key for Windows desktop devices. Doesn't reboot.
The data type is a chr.
@@ -184,32 +189,37 @@ Interior node for managing S mode.
**SMode/SwitchingPolicy**
Added in Windows 10, version 1809. Determines whether a consumer can switch the device out of S mode. This setting is only applicable to devices available in S mode. For examples, see [Add S mode SwitchingPolicy](#smode-switchingpolicy-add), [Get S mode SwitchingPolicy](#smode-switchingpolicy-get), [Replace S mode SwitchingPolicy](#smode-switchingpolicy-replace) and [Delete S mode SwitchingPolicy](#smode-switchingpolicy-delete)
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+Value type is integer.
-Supported values:
-- 0 - No Restriction: The user is allowed to switch the device out of S mode.
-- 1 - User Blocked: The admin has blocked the user from switching their device out of S mode. Only the admin can switch the device out of S mode through the SMode/SwitchFromSMode node.
+Supported operations are Add, Get, Replace, and Delete.
+
+Supported values:
+
+- 0 - No Restriction: The user is allowed to switch the device out of S mode.
+- 1 - User Blocked: The admin has blocked the user from switching their device out of S mode. Only the admin can switch the device out of S mode through the SMode/SwitchFromSMode node.
**SMode/SwitchFromSMode**
Added in Windows 10, version 1809. Switches a device out of S mode if possible. Doesn't reboot. For an example, see [Execute SwitchFromSMode](#smode-switchfromsmode-execute)
Supported operation is Execute.
-**SMode/Status**
+**SMode/Status**
Added in Windows 10, version 1809. Returns the status of the latest SwitchFromSMode set request. For an example, see [Get S mode status](#smode-status-example)
-Value type is integer. Supported operation is Get.
+Value type is integer.
+
+Supported operation is Get.
Values:
-- Request fails with error code 404 - no SwitchFromSMode request has been made.
-- 0 - The device successfully switched out of S mode
-- 1 - The device is processing the request to switch out of S mode
-- 3 - The device was already switched out of S mode
-- 4 - The device failed to switch out of S mode
+
+- Request fails with error code 404 - no SwitchFromSMode request has been made.
+- 0 - The device successfully switched out of S mode.
+- 1 - The device is processing the request to switch out of S mode.
+- 3 - The device was already switched out of S mode.
+- 4 - The device failed to switch out of S mode.
## SyncML examples
-
**CheckApplicability**
```xml
@@ -235,8 +245,6 @@ Values:
> [!NOTE]
> `XXXXX-XXXXX-XXXXX-XXXXX-XXXXX` in the **Data** tag should be replaced with your product key.
-
-
**Edition**
```xml
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index 5286cedaa2..c570da1af6 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -1,7 +1,6 @@
---
title: WindowsLicensing DDF file
description: Learn about the OMA DM device description framework (DDF) for the WindowsLicensing configuration service provider (CSP).
-ms.assetid: 2A24C922-A167-4CEE-8F74-08E7453800D2
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -15,13 +14,13 @@ ms.date: 07/16/2017
# WindowsLicensing DDF file
> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **WindowsLicensing** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is for Windows 10, version 1809.
+The XML below is for Windows 10, version 1809 and later.
```xml
@@ -104,7 +103,7 @@ The XML below is for Windows 10, version 1809.
- Returns a value that maps to the Windows 10 edition running on devices. Take the value, convert it into its hexadecimal equivalent and search the GetProductInfo function page on MSDN for edition information.
+ Returns a value that maps to the Windows 10 or Windows 11 edition running on devices. Take the value, convert it into its hexadecimal equivalent and search the GetProductInfo function page on MSDN for edition information.
@@ -128,7 +127,7 @@ The XML below is for Windows 10, version 1809.
- Returns the status of an edition upgrade on Windows 10 client devices. Status: 0 = Failed, 1 = Pending, 2 = In progress, 3 = Completed, 4 = Unknown
+ Returns the status of an edition upgrade on Windows 10 or Windows 11 client devices. Status: 0 = Failed, 1 = Pending, 2 = In progress, 3 = Completed, 4 = Unknown
@@ -349,3 +348,7 @@ The XML below is for Windows 10, version 1809.
```
+
+## Related topics
+
+[WindowsLicensing configuration service provider](windowslicensing-csp.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md
index 62808bc9bb..ff85447bbd 100644
--- a/windows/client-management/mdm/wirednetwork-csp.md
+++ b/windows/client-management/mdm/wirednetwork-csp.md
@@ -13,6 +13,17 @@ manager: dansimp
# WiredNetwork CSP
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@@ -39,17 +50,19 @@ WiredNetwork
----EnableBlockPeriod
```
**./Device/Vendor/MSFT/WiredNetwork**
-Root node.
+The root node for the wirednetwork configuration service provider.
**LanXML**
Optional. XML describing the wired network configuration and follows the LAN_profile schemas https://msdn.microsoft.com/library/windows/desktop/aa816366(v=vs.85).aspx.
-Supported operations are Add, Get, Replace, and Delete. Value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
+- Value type is string.
**EnableBlockPeriod**
Optional. Enable block period (minutes), used to specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt.
-Supported operations are Add, Get, Replace, and Delete. Value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
+- Value type is integer.
The following example shows how to add a wired network profile:
```xml
@@ -70,3 +83,7 @@ The following example shows how to add a wired network profile:
```
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md
index bc61e8f7d0..f527c65745 100644
--- a/windows/client-management/mdm/wirednetwork-ddf-file.md
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md
@@ -167,3 +167,7 @@ The XML below is the current version for this CSP.
```
+
+## Related topics
+
+[WiredNetwork CSP](wirednetwork-csp.md)
diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md
index c968865ad0..c185fbbae1 100644
--- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md
@@ -4,7 +4,6 @@ description: Manage settings and applications on devices that subscribe to the M
MS-HAID:
- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview'
- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows'
-ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A
ms.reviewer:
manager: dansimp
ms.author: dansimp
diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md
index 79a75c3f90..386ac0ed29 100644
--- a/windows/client-management/new-policies-for-windows-10.md
+++ b/windows/client-management/new-policies-for-windows-10.md
@@ -1,14 +1,10 @@
---
title: New policies for Windows 10 (Windows 10)
description: Learn how Windows 10 includes new policies for management, like Group Policy settings for the Windows system and components.
-ms.assetid: 1F24ABD8-A57A-45EA-BA54-2DA2238C573D
ms.reviewer:
manager: dansimp
ms.author: dansimp
-keywords: ["MDM", "Group Policy", "GP"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: dansimp
ms.localizationpriority: medium
ms.date: 09/15/2021
@@ -270,7 +266,7 @@ The following Group Policy settings were added in Windows 10, version 1803:
- Windows Components\IME\Turn on Live Sticker
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow video capture redirection
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Use hardware graphics adapters for all Remote Desktop Services sessions
-- Windows Components\Search\Allow Cortana Page in OOBE on an AAD account
+- Windows Components\Search\Allow Cortana Page in OOBE on an Azure Active Directory account
- Windows Components\Store\Disable all apps from Microsoft Store
- Windows Components\Text Input\Allow Uninstallation of Language Features
- Windows Components\Text Input\Improve inking and typing recognition
@@ -311,7 +307,7 @@ The following Group Policy settings were added in Windows 10, version 1709:
- Windows Components\Data Collection and Preview Builds\Limit Enhanced diagnostic data to the minimum required by Windows Analytics
- Windows Components\Handwriting\Handwriting Panel Default Mode Docked
- Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Hide the button (next to the New Tab button) that opens Microsoft Edge
-- Windows Components\MDM\Auto MDM Enrollment with AAD Token
+- Windows Components\MDM\Auto MDM Enrollment with Azure Active Directory Token
- Windows Components\Messaging\Allow Message Service Cloud Sync
- Windows Components\Microsoft Edge\Always show the Books Library in Microsoft Edge
- Windows Components\Microsoft Edge\Provision Favorites
diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md
index 120ac4d165..28cd4f3642 100644
--- a/windows/client-management/quick-assist.md
+++ b/windows/client-management/quick-assist.md
@@ -1,30 +1,31 @@
---
title: Use Quick Assist to help users
-description: How IT Pros can use Quick Assist to help users
+description: How IT Pros can use Quick Assist to help users.
ms.prod: w10
-ms.sitesec: library
ms.topic: article
-author: aczechowski
+ms.technology: windows
ms.localizationpriority: medium
+author: aczechowski
ms.author: aaroncz
manager: dougeby
+ms.reviewer: pmadrigal
ms.collection: highpri
---
# Use Quick Assist to help users
-Quick Assist is a Windows application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices.
+Quick Assist is a Microsoft Store application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user's device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices.
## Before you begin
-All that's required to use Quick Assist is suitable network and internet connectivity. No particular roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn’t have to authenticate.
+All that's required to use Quick Assist is suitable network and internet connectivity. No particular roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn't have to authenticate.
> [!NOTE]
> In case the helper and sharer use different keyboard layouts or mouse settings, the ones from the sharer are used during the session.
### Authentication
-The helper can authenticate when they sign in by using a Microsoft Account (MSA) or Azure Active Directory. Local Active Directory authentication is not supported at this time.
+The helper can authenticate when they sign in by using a Microsoft account (MSA) or Azure Active Directory (Azure AD). Local Active Directory authentication isn't currently supported.
### Network considerations
@@ -32,18 +33,20 @@ Quick Assist communicates over port 443 (https) and connects to the Remote Assis
Both the helper and sharer must be able to reach these endpoints over port 443:
-| Domain/Name | Description |
-|-----------------------------------|-------------------------------------------------------|
-| \*.support.services.microsoft.com | Primary endpoint used for Quick Assist application |
-| \*.resources.lync.com | Required for the Skype framework used by Quick Assist |
-| \*.infra.lync.com | Required for the Skype framework used by Quick Assist |
-| \*.latest-swx.cdn.skype.com | Required for the Skype framework used by Quick Assist |
-| \*.login.microsoftonline.com | Required for logging in to the application (MSA) |
-| \*.channelwebsdks.azureedge.net | Used for chat services within Quick Assist |
-| \*.aria.microsoft.com | Used for accessibility features within the app |
-| \*.api.support.microsoft.com | API access for Quick Assist |
-| \*.vortex.data.microsoft.com | Used for diagnostic data |
-| \*.channelservices.microsoft.com | Required for chat services within Quick Assist |
+| Domain/Name | Description |
+|--|--|
+| `*.support.services.microsoft.com` | Primary endpoint used for Quick Assist application |
+| `*.login.microsoftonline.com` | Required for logging in to the application (Microsoft account) |
+| `*.channelwebsdks.azureedge.net` | Used for chat services within Quick Assist |
+| `*.aria.microsoft.com` | Used for accessibility features within the app |
+| `*.api.support.microsoft.com` | API access for Quick Assist |
+| `*.vortex.data.microsoft.com` | Used for diagnostic data |
+| `*.channelservices.microsoft.com` | Required for chat services within Quick Assist |
+| `*.remoteassistanceprodacs.communication.azure.com` | Azure Communication Services (ACS) technology the Quick Assist app uses. |
+| `*.turn.azure.com` | Protocol used to help endpoint. |
+| `browser.pipe.aria.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. |
+| `browser.events.data.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. |
+| `ic3.events.data.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. |
## How it works
@@ -73,9 +76,9 @@ Microsoft logs a small amount of session data to monitor the health of the Quick
- Features used inside the app such as view only, annotation, and session pause
-No logs are created on either the helper’s or sharer’s device. Microsoft cannot access a session or view any actions or keystrokes that occur in the session.
+No logs are created on either the helper's or sharer's device. Microsoft can't access a session or view any actions or keystrokes that occur in the session.
-The sharer sees only an abbreviated version of the helper’s name (first name, last initial) and no other information about them. Microsoft does not store any data about either the sharer or the helper for longer than three days.
+The sharer sees only an abbreviated version of the helper's name (first name, last initial) and no other information about them. Microsoft doesn't store any data about either the sharer or the helper for longer than three days.
In some scenarios, the helper does require the sharer to respond to application permission prompts (User Account Control), but otherwise the helper has the same permissions as the sharer on the device.
@@ -83,8 +86,7 @@ In some scenarios, the helper does require the sharer to respond to application
Either the support staff or a user can start a Quick Assist session.
-
-1. Support staff (“helper”) starts Quick Assist in any of a few ways:
+1. Support staff ("helper") starts Quick Assist in any of a few ways:
- Type *Quick Assist* in the search box and press ENTER.
- From the Start menu, select **Windows Accessories**, and then select **Quick Assist**.
@@ -94,32 +96,16 @@ Either the support staff or a user can start a Quick Assist session.
3. Helper shares the security code with the user over the phone or with a messaging system.
-4. Quick Assist opens on the sharer’s device. The user enters the provided code in the **Code from assistant** box, and then selects **Share screen**.
+4. Quick Assist opens on the sharer's device. The user enters the provided code in the **Code from assistant** box, and then selects **Share screen**.
-5. The helper receives a dialog offering the opportunity to take full control of the device or just view its screen. After choosing, the helper selects **Continue**.
+5. The helper receives a dialog offering the opportunity to take full control of the device or just view its screen. After they choose an option, the helper selects **Continue**.
6. The sharer receives a dialog asking for permission to show their screen or allow access. The sharer gives permission by selecting the **Allow** button.
## If Quick Assist is missing
-If for some reason a user doesn't have Quick Assist on their system or it's not working properly, they might need to uninstall and reinstall it.
-
-### Uninstall Quick Assist
-
-1. Start the Settings app, and then select **Apps**.
-2. Select **Optional features**.
-3. In the **Installed features** search bar, type *Quick Assist*.
-4. Select **Microsoft Quick Assist**, and then select **Uninstall**.
-
-### Reinstall Quick Assist
-
-1. Start the Settings app, and then select **Apps**.
-2. Select **Optional features**.
-3. Select **Add a feature**.
-4. In the new dialog that opens, in the **Add an optional feature** search bar, type *Quick Assist*.
-5. Select the check box for **Microsoft Quick Assist**, and then select **Install**.
-6. Restart the device.
+If for some reason a user doesn't have Quick Assist on their system or it's not working properly, try to uninstall and reinstall it. For more information, see [Install Quick Assist](https://support.microsoft.com/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca).
## Next steps
-If you have any problems, questions, or suggestions for Quick Assist, contact us by using the [Feedback Hub app](https://www.microsoft.com/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0&rtc=1#activetab=pivot:overviewtab).
+If you have any problems, questions, or suggestions for Quick Assist, contact us by using the [Feedback Hub app](https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332).
diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md
index 777b9fa6ec..d8b8b2c1b8 100644
--- a/windows/client-management/system-failure-recovery-options.md
+++ b/windows/client-management/system-failure-recovery-options.md
@@ -2,7 +2,6 @@
title: Configure system failure and recovery options in Windows
description: Learn how to configure the actions that Windows takes when a system error occurs and what the recovery options are.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-event-id-41-restart.md b/windows/client-management/troubleshoot-event-id-41-restart.md
index 48678bf786..07b7e3a9ca 100644
--- a/windows/client-management/troubleshoot-event-id-41-restart.md
+++ b/windows/client-management/troubleshoot-event-id-41-restart.md
@@ -11,7 +11,6 @@ ms.custom:
- CSSTroubleshooting
audience: ITPro
ms.localizationpriority: medium
-keywords: event id 41, reboot, restart, stop error, bug check code
manager: kaushika
ms.collection: highpri
---
diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md
index 3437793da8..0871f37f71 100644
--- a/windows/client-management/troubleshoot-inaccessible-boot-device.md
+++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md
@@ -2,8 +2,6 @@
title: Advanced advice for Stop error 7B, Inaccessible_Boot_Device
description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device. This error might occur after some changes are made to the computer,
ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-networking.md b/windows/client-management/troubleshoot-networking.md
index 3f28ccd47b..3e9561ed60 100644
--- a/windows/client-management/troubleshoot-networking.md
+++ b/windows/client-management/troubleshoot-networking.md
@@ -4,7 +4,6 @@ ms.reviewer:
manager: dansimp
description: Learn about the topics that are available to help you troubleshoot common problems related to Windows networking.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md b/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md
index a22426c30a..e26d6a5173 100644
--- a/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md
+++ b/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md
@@ -11,7 +11,6 @@ ms.custom:
- CSSTroubleshooting
audience: ITPro
ms.localizationpriority: medium
-keywords:
manager: kaushika
---
diff --git a/windows/client-management/troubleshoot-tcpip-connectivity.md b/windows/client-management/troubleshoot-tcpip-connectivity.md
index 56573160e6..a04d75d606 100644
--- a/windows/client-management/troubleshoot-tcpip-connectivity.md
+++ b/windows/client-management/troubleshoot-tcpip-connectivity.md
@@ -2,7 +2,6 @@
title: Troubleshoot TCP/IP connectivity
description: Learn how to troubleshoot TCP/IP connectivity and what you should do if you come across TCP reset in a network capture.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md
index aed2257b4d..18eff7c2dd 100644
--- a/windows/client-management/troubleshoot-tcpip-netmon.md
+++ b/windows/client-management/troubleshoot-tcpip-netmon.md
@@ -2,7 +2,6 @@
title: Collect data using Network Monitor
description: Learn how to run Network Monitor to collect data for troubleshooting TCP/IP connectivity.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index 938136edad..6a732b7a1d 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -2,7 +2,6 @@
title: Troubleshoot port exhaustion issues
description: Learn how to troubleshoot port exhaustion issues. Port exhaustion occurs when all the ports on a machine are used.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
index ed7f973fef..0ed8972088 100644
--- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md
+++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
@@ -2,7 +2,6 @@
title: Troubleshoot Remote Procedure Call (RPC) errors
description: Learn how to troubleshoot Remote Procedure Call (RPC) errors when connecting to Windows Management Instrumentation (WMI), SQL Server, or during a remote connection.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-tcpip.md b/windows/client-management/troubleshoot-tcpip.md
index 1ffd3f1dc2..e449140d95 100644
--- a/windows/client-management/troubleshoot-tcpip.md
+++ b/windows/client-management/troubleshoot-tcpip.md
@@ -2,7 +2,6 @@
title: Advanced troubleshooting for TCP/IP issues
description: Learn how to troubleshoot common problems in a TCP/IP network environment, for example by collecting data using Network monitor.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md
index 9820130606..aeb80a0007 100644
--- a/windows/client-management/troubleshoot-windows-freeze.md
+++ b/windows/client-management/troubleshoot-windows-freeze.md
@@ -225,7 +225,7 @@ If the physical computer is still running in a frozen state, follow these steps
Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.
-For more information, see [How to use Memory Pool Monitor to troubleshoot kernel mode memory leaks](https://support.microsoft.com/topic/4f4a05c2-ef8a-fca4-3ae0-670b940af398).
+For more information, see [Using PoolMon to Find a Kernel-Mode Memory Leak](/windows-hardware/drivers/debugger/using-poolmon-to-find-a-kernel-mode-memory-leak) and [PoolMon Examples](/windows-hardware/drivers/devtest/poolmon-examples).
### Use memory dump to collect data for the virtual machine that's running in a frozen state
diff --git a/windows/client-management/troubleshoot-windows-startup.md b/windows/client-management/troubleshoot-windows-startup.md
index 9d9283a355..c2ae601920 100644
--- a/windows/client-management/troubleshoot-windows-startup.md
+++ b/windows/client-management/troubleshoot-windows-startup.md
@@ -2,7 +2,6 @@
title: Advanced troubleshooting for Windows start-up issues
description: Learn advanced options for how to troubleshoot common Windows start-up issues, like system crashes and freezes.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md
index 2c423bfbc7..021f22ec21 100644
--- a/windows/client-management/windows-10-support-solutions.md
+++ b/windows/client-management/windows-10-support-solutions.md
@@ -4,8 +4,6 @@ description: Learn where to find information about troubleshooting Windows 10 is
ms.reviewer: kaushika
manager: dansimp
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
ms.author: kaushika
author: kaushika-msft
ms.localizationpriority: medium
diff --git a/windows/client-management/windows-libraries.md b/windows/client-management/windows-libraries.md
index 5db8c1238b..16ef254939 100644
--- a/windows/client-management/windows-libraries.md
+++ b/windows/client-management/windows-libraries.md
@@ -1,5 +1,4 @@
---
-ms.assetid: e68cd672-9dea-4ff8-b725-a915f33d8fd2
ms.reviewer:
manager: dansimp
title: Windows Libraries
@@ -12,6 +11,7 @@ author: dansimp
description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures.
ms.date: 09/15/2021
---
+
# Windows libraries
> Applies to: Windows 10, Windows 11, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md
index 52a2fb766d..462b458840 100644
--- a/windows/client-management/windows-version-search.md
+++ b/windows/client-management/windows-version-search.md
@@ -1,10 +1,7 @@
---
title: What version of Windows am I running?
description: Discover which version of Windows you are running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or General Availability Channel.
-keywords: Long-Term Servicing Channel, LTSC, LTSB, General Availability Channel, GAC, Windows, version, OS Build
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.date: 04/30/2018
@@ -15,7 +12,7 @@ ms.topic: troubleshooting
# What version of Windows am I running?
-To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [General Availability Channel](/windows/deployment/update/waas-overview#servicing-channels) (SAC) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them.
+To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [General Availability Channel](/windows/deployment/update/waas-overview#servicing-channels) (GA Channel) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them.
## System Properties
Click **Start** > **Settings** > **System** > click **About** from the bottom of the left-hand menu
diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md
index 756137de7c..aa66136bfb 100644
--- a/windows/configuration/changes-to-start-policies-in-windows-10.md
+++ b/windows/configuration/changes-to-start-policies-in-windows-10.md
@@ -1,13 +1,9 @@
---
title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10)
description: Learn about changes to Group Policy settings for the Windows 10 Start menu. Also, learn about the new Windows 10 Start experience.
-ms.assetid: 612FB68A-3832-451F-AA97-E73791FEAA9F
ms.reviewer:
manager: dougeby
-keywords: ["group policy", "start menu", "start screen"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md
index 500f5c624f..bf089eb4ba 100644
--- a/windows/configuration/configure-windows-10-taskbar.md
+++ b/windows/configuration/configure-windows-10-taskbar.md
@@ -1,10 +1,7 @@
---
title: Configure Windows 10 taskbar (Windows 10)
description: Administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file.
-keywords: ["taskbar layout","pin apps"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
@@ -14,6 +11,7 @@ ms.reviewer:
manager: dougeby
ms.collection: highpri
---
+
# Configure Windows 10 taskbar
Starting in Windows 10, version 1607, administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a `` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-crm.md b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
index 805a227811..e82f329a86 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-crm.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
@@ -2,8 +2,6 @@
title: Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in Windows
description: How to set up Cortana to give salespeople insights on important CRM activities, including sales leads, accounts, and opportunities.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
index 6d940ecc14..a342f659be 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
@@ -2,8 +2,6 @@
title: Send feedback about Cortana at work back to Microsoft
description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues..
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
index d949c55ed5..633b1edf0b 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
@@ -2,8 +2,6 @@
title: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
description: Learn how to connect Cortana to Office 365 so employees are notified about regular meetings and unusual events. You can even set an alarm for early meetings.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -29,7 +27,7 @@ There are a few things to be aware of before you start using Cortana in Windows
- **Office 365 Trust Center.** Cortana in Windows 10, version 1909 and earlier, isn't a service governed by the [Online Services Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products). [Learn more about how Cortana in Windows 10, versions 1909 and earlier, treats your data](https://support.microsoft.com/en-us/help/4468233/cortana-and-privacy-microsoft-privacy).
-- Windows Information Protection (WIP). If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). If you decide to use WIP, you must also have a management solution. This can be Microsoft Intune, Microsoft Endpoint Manager (version 1606 or later), or your current company-wide 3rd party mobile device management (MDM) solution.
+- Windows Information Protection (WIP). If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). If you decide to use Windows Information Protection, you must also have a management solution. This can be Microsoft Intune, Microsoft Endpoint Manager (version 1606 or later), or your current company-wide 3rd party mobile device management (MDM) solution.
- **Troubleshooting tips.** If you run into issues, check out these [troubleshooting tips](/office365/troubleshoot/miscellaneous/issues-in-cortana).
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
index 2b72551c54..88b9b1e042 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
index 2eb0ba6a03..97966260a0 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
@@ -2,8 +2,6 @@
title: Configure Cortana with Group Policy and MDM settings (Windows)
description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
index a54d958f6e..fd81d85f3a 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
@@ -2,8 +2,6 @@
title: Set up and test Cortana for Power BI in your organization (Windows)
description: How to integrate Cortana with Power BI to help your employees get answers directly from your key business data.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
index de0f3315ae..f19d6c310d 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
@@ -2,8 +2,6 @@
title: Sign into Azure AD, enable the wake word, and try a voice query
description: A test scenario walking you through signing in and managing the notebook.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
index b9c64414bc..4c019223d3 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
@@ -2,8 +2,6 @@
title: Perform a quick search with Cortana at work (Windows)
description: This is a test scenario about how to perform a quick search with Cortana at work.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
index 68ba398dbf..f6d46feb8f 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
@@ -2,8 +2,6 @@
title: Set a reminder for a location with Cortana at work (Windows)
description: A test scenario about how to set a location-based reminder using Cortana at work.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
index 6c6a391833..6a45297397 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
@@ -2,8 +2,6 @@
title: Use Cortana at work to find your upcoming meetings (Windows)
description: A test scenario on how to use Cortana at work to find your upcoming meetings.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
index 63f5f07436..5085f7608d 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
@@ -2,8 +2,6 @@
title: Use Cortana to send email to a co-worker (Windows)
description: A test scenario about how to use Cortana at work to send email to a co-worker.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
index c4647b52d8..b05c1179dc 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
@@ -2,8 +2,6 @@
title: Review a reminder suggested by Cortana (Windows)
description: A test scenario on how to use Cortana with the Suggested reminders feature.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
index 6a7ab71a9a..ed2e51d53c 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
@@ -2,8 +2,6 @@
title: Help protect data with Cortana and WIP (Windows)
description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
index cf0cd10b10..55023907da 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
@@ -2,8 +2,6 @@
title: Cortana at work testing scenarios
description: Suggested testing scenarios that you can use to test Cortana in your organization.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
index 10a3e5644b..fb38e50ec2 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
@@ -2,8 +2,6 @@
title: Set up and test custom voice commands in Cortana for your organization (Windows)
description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
index b922d049e4..b2a351551c 100644
--- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
+++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -46,4 +44,4 @@ When a user enters a search query (by speech or text), Cortana evaluates if the
Bing Answers is enabled by default for all users. However, admins can configure and change this for specific users and user groups in their organization.
## How the Bing Answer policy configuration is applied
-Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of an AAD group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes.
+Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of an Azure Active Directory group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes.
diff --git a/windows/configuration/cortana-at-work/test-scenario-1.md b/windows/configuration/cortana-at-work/test-scenario-1.md
index 729352fb95..d11ddd9fbf 100644
--- a/windows/configuration/cortana-at-work/test-scenario-1.md
+++ b/windows/configuration/cortana-at-work/test-scenario-1.md
@@ -2,8 +2,6 @@
title: Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook
description: A test scenario about how to sign in with your work or school account and use Cortana to manage the notebook.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/test-scenario-2.md b/windows/configuration/cortana-at-work/test-scenario-2.md
index 86c279c752..f9128ac53e 100644
--- a/windows/configuration/cortana-at-work/test-scenario-2.md
+++ b/windows/configuration/cortana-at-work/test-scenario-2.md
@@ -2,8 +2,6 @@
title: Test scenario 2 - Perform a quick search with Cortana at work
description: A test scenario about how to perform a quick search with Cortana at work.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/test-scenario-3.md b/windows/configuration/cortana-at-work/test-scenario-3.md
index f1706c3579..0bef2a7ad9 100644
--- a/windows/configuration/cortana-at-work/test-scenario-3.md
+++ b/windows/configuration/cortana-at-work/test-scenario-3.md
@@ -2,8 +2,6 @@
title: Test scenario 3 - Set a reminder for a specific location using Cortana at work
description: A test scenario about how to set up, review, and edit a reminder based on a location.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md
index 635172f826..45d2df199c 100644
--- a/windows/configuration/cortana-at-work/test-scenario-4.md
+++ b/windows/configuration/cortana-at-work/test-scenario-4.md
@@ -2,8 +2,6 @@
title: Use Cortana to find your upcoming meetings at work (Windows)
description: A test scenario about how to use Cortana at work to find your upcoming meetings.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md
index 7770f46dfd..4a890aca59 100644
--- a/windows/configuration/cortana-at-work/test-scenario-5.md
+++ b/windows/configuration/cortana-at-work/test-scenario-5.md
@@ -2,8 +2,6 @@
title: Use Cortana to send an email to co-worker (Windows)
description: A test scenario on how to use Cortana at work to send email to a co-worker.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/test-scenario-6.md b/windows/configuration/cortana-at-work/test-scenario-6.md
index e9b09188c2..eea07d4bbe 100644
--- a/windows/configuration/cortana-at-work/test-scenario-6.md
+++ b/windows/configuration/cortana-at-work/test-scenario-6.md
@@ -2,8 +2,6 @@
title: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
description: A test scenario about how to use Cortana with the Suggested reminders feature.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
index 57153a781a..b62794ff0f 100644
--- a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
+++ b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
@@ -2,8 +2,6 @@
title: Testing scenarios using Cortana in your business or organization
description: A list of suggested testing scenarios that you can use to test Cortana in your organization.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md
index c979753ccb..5f13879817 100644
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/customize-and-export-start-layout.md
@@ -1,13 +1,9 @@
---
title: Customize and export Start layout (Windows 10)
description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout.
-ms.assetid: CA8DF327-5DD4-452F-9FE5-F17C514B6236
ms.reviewer:
manager: dougeby
-keywords: ["start screen"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md
index f21e9bf9dc..069e047309 100644
--- a/windows/configuration/customize-start-menu-layout-windows-11.md
+++ b/windows/configuration/customize-start-menu-layout-windows-11.md
@@ -1,14 +1,10 @@
---
title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs
description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices.
-ms.assetid:
manager: dougeby
ms.author: aaroncz
ms.reviewer: ericpapa
ms.prod: w11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobile
author: aczechowski
ms.localizationpriority: medium
ms.collection: highpri
diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md
index 8679cc641f..51335436d5 100644
--- a/windows/configuration/customize-taskbar-windows-11.md
+++ b/windows/configuration/customize-taskbar-windows-11.md
@@ -1,14 +1,10 @@
---
title: Configure and customize Windows 11 taskbar | Microsoft Docs
description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Endpoint Manager. See what happens to the taskbar when the Windows OS client is installed or upgraded.
-ms.assetid:
manager: dougeby
ms.author: aaroncz
ms.reviewer: chataylo
ms.prod: w11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobile
author: aczechowski
ms.localizationpriority: medium
ms.collection: highpri
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
index 434d699db3..15c1cc2cad 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
@@ -1,13 +1,9 @@
---
title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10)
description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
-ms.assetid: F4A47B36-F1EF-41CD-9CBA-04C83E960545
ms.reviewer:
manager: dougeby
-keywords: ["Start layout", "start menu", "layout", "group policy"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
index a06b4c2919..fb50dc5a39 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
@@ -1,13 +1,9 @@
---
title: Change the Windows 10 Start and taskbar using mobile device management | Microsoft Docs
description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. For example, use Microsoft Intune to configure the start menu layout and taskbar, and deploy the policy to your devices.
-ms.assetid: F487850D-8950-41FB-9B06-64240127C1E4
ms.reviewer:
manager: dougeby
-keywords: ["start screen", "start menu"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.topic: article
ms.author: aaroncz
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
index 110d43b999..0a2038ce7d 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
@@ -1,13 +1,9 @@
---
title: Customize Windows 10 Start and taskbar with provisioning packages (Windows 10)
description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users.
-ms.assetid: AC952899-86A0-42FC-9E3C-C25F45B1ACAC
ms.reviewer:
manager: dougeby
-keywords: ["Start layout", "start menu"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md
index 7ec5869bf1..ce8ad34838 100644
--- a/windows/configuration/guidelines-for-assigned-access-app.md
+++ b/windows/configuration/guidelines-for-assigned-access-app.md
@@ -1,10 +1,7 @@
---
title: Guidelines for choosing an app for assigned access (Windows 10/11)
description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience.
-keywords: ["kiosk", "lockdown", "assigned access"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/images/choose-package.png b/windows/configuration/images/choose-package.png
deleted file mode 100644
index 2bf7a18648..0000000000
Binary files a/windows/configuration/images/choose-package.png and /dev/null differ
diff --git a/windows/configuration/images/oobe.jpg b/windows/configuration/images/oobe.jpg
deleted file mode 100644
index 2e700971c1..0000000000
Binary files a/windows/configuration/images/oobe.jpg and /dev/null differ
diff --git a/windows/configuration/images/oobe.png b/windows/configuration/images/oobe.png
new file mode 100644
index 0000000000..331797c251
Binary files /dev/null and b/windows/configuration/images/oobe.png differ
diff --git a/windows/configuration/images/package.png b/windows/configuration/images/package.png
deleted file mode 100644
index e10cf84f51..0000000000
Binary files a/windows/configuration/images/package.png and /dev/null differ
diff --git a/windows/configuration/images/prov.jpg b/windows/configuration/images/prov.jpg
deleted file mode 100644
index 1593ccb36b..0000000000
Binary files a/windows/configuration/images/prov.jpg and /dev/null differ
diff --git a/windows/configuration/images/provisioning-oobe-choice.png b/windows/configuration/images/provisioning-oobe-choice.png
new file mode 100644
index 0000000000..503fa8f17b
Binary files /dev/null and b/windows/configuration/images/provisioning-oobe-choice.png differ
diff --git a/windows/configuration/images/provisioning-oobe-choose-package.png b/windows/configuration/images/provisioning-oobe-choose-package.png
new file mode 100644
index 0000000000..68b23dae54
Binary files /dev/null and b/windows/configuration/images/provisioning-oobe-choose-package.png differ
diff --git a/windows/configuration/images/provisioning-oobe-installing.png b/windows/configuration/images/provisioning-oobe-installing.png
new file mode 100644
index 0000000000..4b05a90946
Binary files /dev/null and b/windows/configuration/images/provisioning-oobe-installing.png differ
diff --git a/windows/configuration/images/provisioning-runtime-UAC.png b/windows/configuration/images/provisioning-runtime-UAC.png
new file mode 100644
index 0000000000..5e00691b05
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-UAC.png differ
diff --git a/windows/configuration/images/provisioning-runtime-add-package.png b/windows/configuration/images/provisioning-runtime-add-package.png
new file mode 100644
index 0000000000..542c73fe6e
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-add-package.png differ
diff --git a/windows/configuration/images/provisioning-runtime-choose-package.png b/windows/configuration/images/provisioning-runtime-choose-package.png
new file mode 100644
index 0000000000..00a8f198a3
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-choose-package.png differ
diff --git a/windows/configuration/images/provisioning-runtime-click-to-install.png b/windows/configuration/images/provisioning-runtime-click-to-install.png
new file mode 100644
index 0000000000..5e06f26654
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-click-to-install.png differ
diff --git a/windows/configuration/images/provisioning-runtime-manage-packages.png b/windows/configuration/images/provisioning-runtime-manage-packages.png
new file mode 100644
index 0000000000..657e69b945
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-manage-packages.png differ
diff --git a/windows/configuration/images/provisioning-runtime-trust.png b/windows/configuration/images/provisioning-runtime-trust.png
new file mode 100644
index 0000000000..50cb98ff3b
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-trust.png differ
diff --git a/windows/configuration/images/setupmsg.jpg b/windows/configuration/images/setupmsg.jpg
deleted file mode 100644
index 06348dd2b8..0000000000
Binary files a/windows/configuration/images/setupmsg.jpg and /dev/null differ
diff --git a/windows/configuration/images/trust-package.png b/windows/configuration/images/trust-package.png
deleted file mode 100644
index 8a293ea4da..0000000000
Binary files a/windows/configuration/images/trust-package.png and /dev/null differ
diff --git a/windows/configuration/includes/multi-app-kiosk-support-windows11.md b/windows/configuration/includes/multi-app-kiosk-support-windows11.md
index e3b0982b66..efe346ced6 100644
--- a/windows/configuration/includes/multi-app-kiosk-support-windows11.md
+++ b/windows/configuration/includes/multi-app-kiosk-support-windows11.md
@@ -3,7 +3,6 @@ author: aczechowski
ms.author: aaroncz
ms.date: 09/21/2021
ms.reviewer:
-audience: itpro
manager: dougeby
ms.prod: w10
ms.topic: include
diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md
index cd38222026..fda7a6c1da 100644
--- a/windows/configuration/kiosk-additional-reference.md
+++ b/windows/configuration/kiosk-additional-reference.md
@@ -1,14 +1,10 @@
---
title: More kiosk methods and reference information (Windows 10/11)
description: Find more information for configuring, validating, and troubleshooting kiosk configuration.
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
manager: dougeby
ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.topic: reference
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md
index 7c0a77b39e..509e5e3983 100644
--- a/windows/configuration/kiosk-mdm-bridge.md
+++ b/windows/configuration/kiosk-mdm-bridge.md
@@ -1,14 +1,10 @@
---
title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11)
description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
manager: dougeby
ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md
index ea9c57c785..c444568fe9 100644
--- a/windows/configuration/kiosk-methods.md
+++ b/windows/configuration/kiosk-methods.md
@@ -5,9 +5,6 @@ manager: dougeby
ms.author: aaroncz
description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md
index 6524e3e543..219db257fb 100644
--- a/windows/configuration/kiosk-policies.md
+++ b/windows/configuration/kiosk-policies.md
@@ -1,14 +1,9 @@
---
title: Policies enforced on kiosk devices (Windows 10/11)
description: Learn about the policies enforced on a device when you configure it as a kiosk.
-ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
ms.reviewer: sybruckm
manager: dougeby
-keywords: ["lockdown", "app restrictions", "applocker"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: edu, security
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index 45dec9443a..2712131087 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -1,14 +1,10 @@
---
title: Prepare a device for kiosk configuration on Windows 10/11 | Microsoft Docs
description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes.
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
manager: dougeby
ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md
index 3cd7d04a31..075be3e488 100644
--- a/windows/configuration/kiosk-shelllauncher.md
+++ b/windows/configuration/kiosk-shelllauncher.md
@@ -1,14 +1,10 @@
---
title: Use Shell Launcher to create a Windows 10/11 kiosk (Windows 10/11)
description: Shell Launcher lets you change the default shell that launches when a user signs in to a device.
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
manager: dougeby
ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md
index 179c44499b..7c13c2715e 100644
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@@ -1,14 +1,10 @@
---
title: Set up a single-app kiosk on Windows 10/11
description: A single-use device is easy to set up in Windows 10 and Windows 11 for desktop editions (Pro, Enterprise, and Education).
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
manager: dougeby
ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md
index cb60660c38..091872a845 100644
--- a/windows/configuration/kiosk-troubleshoot.md
+++ b/windows/configuration/kiosk-troubleshoot.md
@@ -1,14 +1,9 @@
---
title: Troubleshoot kiosk mode issues (Windows 10/11)
description: Learn how to troubleshoot single-app and multi-app kiosk configurations, as well as common problems like sign-in issues.
-ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
ms.reviewer: sybruckm
manager: dougeby
-keywords: ["lockdown", "app restrictions"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: edu, security
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md
index 934dd1ed77..dfc4d3e91d 100644
--- a/windows/configuration/kiosk-validate.md
+++ b/windows/configuration/kiosk-validate.md
@@ -1,14 +1,10 @@
---
title: Validate kiosk configuration (Windows 10/11)
description: In this article, learn what to expect on a multi-app kiosk in Windows 10/11 Pro, Enterprise, and Education.
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
manager: dougeby
ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
index f6ddb6a2d4..a5f84dcc40 100644
--- a/windows/configuration/kiosk-xml.md
+++ b/windows/configuration/kiosk-xml.md
@@ -1,14 +1,9 @@
---
title: Assigned Access configuration kiosk XML reference (Windows 10/11)
description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10/11.
-ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
ms.reviewer: sybruckm
manager: dougeby
-keywords: ["lockdown", "app restrictions", "applocker"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: edu, security
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/lock-down-windows-10-applocker.md b/windows/configuration/lock-down-windows-10-applocker.md
index 4fcd915dd1..4552e63e33 100644
--- a/windows/configuration/lock-down-windows-10-applocker.md
+++ b/windows/configuration/lock-down-windows-10-applocker.md
@@ -1,14 +1,9 @@
---
title: Use AppLocker to create a Windows 10 kiosk that runs multiple apps (Windows 10)
description: Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps.
-ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
ms.reviewer: sybruckm
manager: dougeby
-keywords: ["lockdown", "app restrictions", "applocker"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: edu, security
author: aczechowski
ms.localizationpriority: medium
ms.date: 07/30/2018
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index ef2974bbc5..fcc521e9df 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -404,7 +404,7 @@ Group accounts are specified using ``. Nested groups aren't supported
```
-- Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign in.
+- Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign-in.
```xml
@@ -544,43 +544,11 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
### Apply provisioning package to device
-Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
-
->[!TIP]
->In addition to the methods below, you can use the PowerShell comdlet [install-provisioningpackage](/powershell/module/provisioning/Install-ProvisioningPackage) with `-LogsDirectoryPath` to get logs for the operation.
-
-#### During initial setup, from a USB drive
-
-1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
-
- 
-
-2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
-
- 
-
-3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
-
- 
-
-4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
-
- 
-
-5. Select **Yes, add it**.
-
- 
-
-#### After setup, from a USB drive, network folder, or SharePoint site
-
-1. Sign in with an admin account.
-2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation.
+Provisioning packages can be applied to a device during initial setup (out-of-box experience or "OOBE") and after ("runtime"). For more information, see [Apply a provisioning package](./provisioning-packages/provisioning-apply-package.md).
> [!NOTE]
> If your provisioning package doesn't include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device.
-
-
### Use MDM to deploy the multi-app configuration
Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML.
diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md
index 36bf667cc7..caeb98056f 100644
--- a/windows/configuration/lockdown-features-windows-10.md
+++ b/windows/configuration/lockdown-features-windows-10.md
@@ -1,14 +1,9 @@
---
title: Lockdown features from Windows Embedded 8.1 Industry (Windows 10)
description: Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10.
-ms.assetid: 3C006B00-535C-4BA4-9421-B8F952D47A14
ms.reviewer:
manager: dougeby
-keywords: lockdown, embedded
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/manage-tips-and-suggestions.md
index 2dcf1d588b..6eb41bde06 100644
--- a/windows/configuration/manage-tips-and-suggestions.md
+++ b/windows/configuration/manage-tips-and-suggestions.md
@@ -1,11 +1,7 @@
---
title: Manage Windows 10 and Microsoft Store tips, fun facts, and suggestions (Windows 10)
description: Windows 10 provides organizations with various options to manage user experiences to provide a consistent and predictable experience for employees.
-keywords: ["device management"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: devices
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md
index 8149182469..1bd58d5c1e 100644
--- a/windows/configuration/manage-wifi-sense-in-enterprise.md
+++ b/windows/configuration/manage-wifi-sense-in-enterprise.md
@@ -1,15 +1,10 @@
---
title: Manage Wi-Fi Sense in your company (Windows 10)
description: Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places.
-ms.assetid: 1845e00d-c4ee-4a8f-a5e5-d00f2735a271
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: ["WiFi Sense", "automatically connect to wi-fi", "wi-fi hotspot connection"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: mobile
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/provisioning-apn.md
index ffe4a55f6d..a168bce8f6 100644
--- a/windows/configuration/provisioning-apn.md
+++ b/windows/configuration/provisioning-apn.md
@@ -1,12 +1,9 @@
---
title: Configure cellular settings for tablets and PCs (Windows 10)
description: Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles.
-ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC
ms.reviewer:
manager: dougeby
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
index 9147bc6b90..b37a32b863 100644
--- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@@ -1,12 +1,9 @@
---
title: Configuration service providers for IT pros (Windows 10/11)
description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
-ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6
ms.reviewer: gkomatsu
manager: dougeby
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
@@ -153,7 +150,6 @@ Here is a list of CSPs supported on Windows 10 Enterprise:
- [DMClient CSP](/windows/client-management/mdm/dmclient-csp)
- [Email2 CSP](/windows/client-management/mdm/email2-csp)
- [EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp)
-- [EnterpriseAppManagement CSP](/windows/client-management/mdm/enterpriseappmanagement-csp)
- [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp)
- [EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp)
- [EnterpriseExt CSP](/windows/client-management/mdm/enterpriseext-csp)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
index 1305b2bb87..53591bd83f 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
@@ -1,13 +1,9 @@
---
title: Provision PCs with common settings (Windows 10/11)
description: Create a provisioning package to apply common settings to a PC running Windows 10.
-ms.assetid: 66D14E97-E116-4218-8924-E2A326C9367E
ms.reviewer: gkomatsu
manager: dougeby
-keywords: ["runtime provisioning", "provisioning package"]
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
@@ -143,12 +139,6 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
-
-## Learn more
-
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
-
## Related articles
- [Provisioning packages for Windows client](provisioning-packages.md)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
index faad3522bb..45c362c928 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
@@ -1,10 +1,7 @@
---
title: Provision PCs with apps and certificates (Windows 10)
description: Create a provisioning package to apply settings to a PC running Windows 10.
-keywords: ["runtime provisioning", "provisioning package"]
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
@@ -177,13 +174,6 @@ For details about the settings you can customize in provisioning packages, see [
**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
-## Learn more
-
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
-- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
-
-
## Related topics
- [Provisioning packages for Windows 10](provisioning-packages.md)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index f1b8691117..b35c477258 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -1,10 +1,7 @@
---
title: Provision PCs with apps (Windows 10/11)
description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
-keywords: ["runtime provisioning", "provisioning package"]
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -187,11 +184,6 @@ For details about the settings you can customize in provisioning packages, see [
**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
-## Learn more
-
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
-
## Related articles
- [Provisioning packages for Windows client](provisioning-packages.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md
index 230570bfa8..97a1f3bd50 100644
--- a/windows/configuration/provisioning-packages/provisioning-apply-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md
@@ -1,9 +1,7 @@
---
title: Apply a provisioning package (Windows 10/11)
-description: Provisioning packages can be applied to a device during the first-run experience (OOBE) and after ("runtime").
+description: Provisioning packages can be applied to a device during initial setup (OOBE) and after ("runtime").
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
@@ -20,40 +18,82 @@ manager: dougeby
- Windows 10
- Windows 11
-Provisioning packages can be applied to client devices during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
+Provisioning packages can be applied to a device during initial setup (out-of-box experience or "OOBE") and after ("runtime").
->[!NOTE]
+> [!NOTE]
>
> - Applying a provisioning package to a desktop device requires administrator privileges on the device.
> - You can interrupt a long-running provisioning process by pressing ESC.
-## During initial setup, from a USB drive
+> [!TIP]
+> In addition to the following methods, you can use the PowerShell cmdlet [Install-ProvisioningPackage](/powershell/module/provisioning/Install-ProvisioningPackage) with `-LogsDirectoryPath` to get logs for the operation.
-1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
+## During initial setup
- 
+To apply a provisioning package from a USB drive during initial setup:
-2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
+1. Start with a device on the initial setup screen. If the device has gone past this screen, reset the device to start over. To reset, go to **Settings** > **System** > [**Recovery**](ms-settings:recovery) > **Reset this PC**.
- 
+ :::image type="content" source="../images/oobe.png" alt-text="The first screen when setting up a new PC.":::
-3. The next screen asks you to select a provisioning source. Select **Removable Media** and select **Next**.
+2. Insert the USB drive. If nothing happens when you insert the USB drive, press the Windows key five times.
- 
+ - If there is only one provisioning package on the USB drive, the provisioning package is applied. See step 5.
+ - If there is more than one provisioning package on the USB drive, Windows setup will recognize the drive and ask how you want to provision the device. Select **Install provisioning package** and select **Next**.
-4. Select the provisioning package (`.ppkg`) that you want to apply, and select **Next**.
+ :::image type="content" source="../images/provisioning-oobe-choice.png" alt-text="What would you like to do?":::
- 
+3. Select the provisioning package (`.ppkg`) that you want to apply, and select **Yes**.
-5. Select **Yes, add it**.
+ :::image type="content" source="../images/provisioning-oobe-choose-package.png" alt-text="Choose a package.":::
- 
+4. The selected provisioning package will install and apply to the device.
-## After setup, from a USB drive, network folder, or SharePoint site
+ :::image type="content" source="../images/provisioning-oobe-installing.png" alt-text="Setting up your PC.":::
-Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation.
+5. Wait for the device to load and begin applying the provisioning package. Once you see "You can remove your removable media now!" you can remove your USB drive. Windows will continue provisioning the device.
-
+## After initial setup
+
+Provisioning packages can be applied after initial setup through Windows settings or by simply double-clicking a provisioning package.
+
+### Windows Settings
+
+1. Insert the USB drive, then navigate to **Settings** > **Accounts** > [**Access work or school**](ms-settings:workplace) > **Add or remove a provisioning package** > **Add a package**.
+
+ :::image type="content" source="../images/provisioning-runtime-manage-packages.png" alt-text="Add or remove a provisioning package.":::
+
+2. Choose the method you want to use, such as **Removable Media**.
+
+ :::image type="content" source="../images/provisioning-runtime-choose-package.png" alt-text="Choose a method.":::
+
+3. Select the provisioning package (`.ppkg`) that you want to apply, and select **Add**.
+
+ :::image type="content" source="../images/provisioning-runtime-add-package.png" alt-text="Select and add a package.":::
+
+4. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you are installing before accepting the UAC prompt. Select **Yes**.
+
+ :::image type="content" source="../images/provisioning-runtime-UAC.png" alt-text="Do you want to allow changes to your device?":::
+
+5. The provisioning runtime will ask if the package is from a source you trust. Verify that you are applying the correct package and that it is trusted. Select **Yes, add it**.
+
+ :::image type="content" source="../images/provisioning-runtime-trust.png" alt-text="Do you trust this package?":::
+
+### Apply Directly
+
+To apply a provisioning package directly, such as from a USB drive, folder, network, or SharePoint site:
+
+1. Navigate to the provisioning package and double-click it to begin the installation.
+
+ :::image type="content" source="../images/provisioning-runtime-click-to-install.png" alt-text="Double-click package to being installation.":::
+
+2. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you are installing before accepting the UAC prompt. Select **Yes**.
+
+ :::image type="content" source="../images/provisioning-runtime-UAC.png" alt-text="Do you want to allow changes to your device?":::
+
+3. The provisioning runtime will ask if the package is from a source you trust. Verify that you are applying the correct package and that it is trusted. Select **Yes, add it**.
+
+ :::image type="content" source="../images/provisioning-runtime-trust.png" alt-text="Do you trust this package?":::
## Related articles
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index 95e51c1316..fbe7aecde9 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -2,8 +2,6 @@
title: Windows Configuration Designer command-line interface (Windows 10/11)
description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index f926e57f98..3d88ee9da1 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -2,8 +2,6 @@
title: Create a provisioning package (Windows 10/11)
description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
@@ -148,8 +146,6 @@ For details on each specific setting, see [Windows Provisioning settings referen
## Learn more
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
- [How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Endpoint Configuration Manager](/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm)
## Related articles
diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
index cc1fff48d3..5d03c7ed2f 100644
--- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md
+++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
@@ -2,8 +2,6 @@
title: How provisioning works in Windows 10/11
description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
@@ -143,12 +141,6 @@ When applying multiple provisioning packages to a device, the provisioning engin
After a stand-alone provisioning package is applied to the device, the package is persisted in the `%ProgramData%\Microsoft\Provisioning` folder on the device. Provisioning packages can be removed by an administrator by using the **Add or remove a provisioning package** available under **Settings** > **Accounts** > **Access work or school**.
-
-## Learn more
-
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
-
## Related articles
- [Provisioning packages for Windows client](provisioning-packages.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md
index 1df2136104..bae03efaf1 100644
--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@@ -2,8 +2,6 @@
title: Install Windows Configuration Designer (Windows 10/11)
description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
@@ -80,10 +78,6 @@ On devices running Windows client, you can install [the Windows Configuration De
**Next step**: [How to create a provisioning package](provisioning-create-package.md)
-## Learn more
-
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
## Related articles
- [Provisioning packages for Windows client](provisioning-packages.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md
index 0987e3f720..65b4475739 100644
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@@ -2,8 +2,6 @@
title: Create a provisioning package with multivariant settings (Windows 10/11)
description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.topic: article
ms.localizationpriority: medium
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index da386db801..b37ea19251 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -1,12 +1,9 @@
---
title: Provisioning packages overview on Windows 10/11
description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
-ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC
ms.reviewer: gkomatsu
manager: dougeby
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
@@ -16,7 +13,6 @@ ms.collection: highpri
# Provisioning packages for Windows
-
**Applies to**
- Windows 10
@@ -31,9 +27,6 @@ Provisioning packages are simple enough that with a short set of written instruc
Windows Configuration Designer is available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
-
-
-
@@ -44,10 +37,8 @@ Windows Configuration Designer is available as an [app in the Microsoft Store](h
-
## Benefits of provisioning packages
-
Provisioning packages let you:
- Quickly configure a new device without going through the process of installing a new image.
@@ -79,7 +70,7 @@ The following table describes settings that you can configure using the wizards
| Set up device | Assign device name, enter product key to upgrade Windows, configure shared used, remove pre-installed software | ✔️ | ✔️ | ✔️ |
| Set up network | Connect to a Wi-Fi network | ✔️ | ✔️ | ✔️ |
| Account management | Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account | ✔️ | ✔️ | ✔️ |
-| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token [Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment,. | ✔️ | ✔️ | ✔️ |
+| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token [Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment. | ✔️ | ✔️ | ✔️ |
| Add applications | Install applications using the provisioning package. | ✔️ | ✔️ | ❌ |
| Add certificates | Include a certificate file in the provisioning package. | ✔️ | ✔️ | ✔️ |
| Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✔️ | ❌ |
@@ -90,7 +81,6 @@ The following table describes settings that you can configure using the wizards
- [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
- [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard)
-
>[!NOTE]
>After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package.
@@ -98,7 +88,6 @@ The following table describes settings that you can configure using the wizards
The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages.
-
| Customization options | Examples |
|---|---|
| Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters |
@@ -140,12 +129,6 @@ WCD supports the following scenarios for IT administrators:
-## Learn more
-
-For more information about provisioning, watch the following video:
-
-- [Provisioning Windows client devices with new tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
## Related articles
- [How provisioning works in Windows client](provisioning-how-it-works.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md
index 3b6e0300dc..0698178c23 100644
--- a/windows/configuration/provisioning-packages/provisioning-powershell.md
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md
@@ -2,8 +2,6 @@
title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11)
description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
index 0f1b11b953..e768666071 100644
--- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
+++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
@@ -2,8 +2,6 @@
title: Use a script to install a desktop app in provisioning packages (Windows 10/11)
description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
index 1a6f2d6af3..6dc35cd108 100644
--- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
@@ -2,8 +2,6 @@
title: Uninstall a provisioning package - reverted settings (Windows 10/11)
description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
@@ -64,13 +62,11 @@ Here is the list of revertible settings based on configuration service providers
[CMPolicyEnterprise CSP](/windows/client-management/mdm/cmpolicyenterprise-csp)
[EMAIL2 CSP](/windows/client-management/mdm/email2-csp)
[EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp)
-[EnterpriseAppManagement CSP](/windows/client-management/mdm/enterpriseappmanagement-csp)
[EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp)
[EnterpriseModernAppManagement CSP](/windows/client-management/mdm/enterprisemodernappmanagement-csp)
[NAP CSP](/windows/client-management/mdm/nap-csp)
[PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp)
[Provisioning CSP](/windows/client-management/mdm/provisioning-csp)
-[PROXY CSP](/windows/client-management/mdm/proxy-csp)
[SecureAssessment CSP](/windows/client-management/mdm/secureassessment-csp)
[VPN CSP](/windows/client-management/mdm/vpn-csp)
[VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index 92a57a02af..a9bfdbcfdf 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -1,10 +1,7 @@
---
title: Set up a shared or guest PC with Windows 10/11
description: Windows 10 and Windows has shared PC mode, which optimizes Windows client for shared use scenarios.
-keywords: ["shared pc mode"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
@@ -65,7 +62,7 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re
|:---|:---|
| EnableSharedPCMode | Set as **True**. If this is not set to **True**, shared PC mode is not turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings) Some of the remaining settings in **SharedPC** are optional, but we strongly recommend that you also set `EnableAccountManager` to **True**. |
| AccountManagement: AccountModel | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in.
Specifying the guest option will add the **Guest** option to the sign-in screen and enable anonymous guest access to the PC.
- **Only guest** allows anyone to use the PC as a local standard (non-admin) account. - **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account. - **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account. |
-| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out.
- **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed.
Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not. - **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold** |
+| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out.
- **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed.
Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign-off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not. - **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold** |
| AccountManagement: DiskLevelCaching | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account caching. |
| AccountManagement: DiskLevelDeletion | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account deletion. |
| AccountManagement: InactiveThreshold | If you set **DeletionPolicy** to **Delete at disk space threshold and inactive threshold**, set the number of days after which an account that has not signed in will be deleted. |
@@ -85,7 +82,7 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re
You can configure Windows to be in shared PC mode in a couple different ways:
-- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp). To setup a shared device policy for Windows client in Intune, complete the following steps:
+- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp). To set up a shared device policy for Windows client in Intune, complete the following steps:
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
@@ -185,30 +182,7 @@ You can configure Windows to be in shared PC mode in a couple different ways:
### Apply the provisioning package
-You can apply the provisioning package to a PC during initial setup or to a PC that has already been set up.
-
-**During initial setup**
-
-1. Start with a PC on the setup screen.
-
- 
-
-2. Insert the USB drive. If nothing happens when you insert the USB drive, press the Windows key five times.
-
- - If there is only one provisioning package on the USB drive, the provisioning package is applied.
-
- - If there is more than one provisioning package on the USB drive, the **Set up device?** message displays. Click **Set up**, and select the provisioning package that you want to install.
-
- 
-
-3. Complete the setup process.
-
-
-**After setup**
-
-On a desktop computer, navigate to **Settings** > **Accounts** > **Work access** > **Add or remove a management package** > **Add a package**, and selects the package to install.
-
-
+Provisioning packages can be applied to a device during initial setup (out-of-box experience or "OOBE") and after ("runtime"). For more information, see [Apply a provisioning package](./provisioning-packages/provisioning-apply-package.md).
> [!NOTE]
> If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost.
@@ -217,7 +191,7 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac
* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
-* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
+* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign-out.
* On a Windows PC joined to Azure Active Directory:
* By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
* With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md
index 921c556ecf..dff1da75a5 100644
--- a/windows/configuration/setup-digital-signage.md
+++ b/windows/configuration/setup-digital-signage.md
@@ -1,14 +1,10 @@
---
title: Set up digital signs on Windows 10/11
description: A single-use device such as a digital sign is easy to set up in Windows 10 and Windows 11 (Pro, Enterprise, and Education).
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
manager: dougeby
ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage", "kiosk browser", "browser"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.date: 09/20/2021
diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index 4b0658894b..793a35d714 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -2,8 +2,6 @@
title: Troubleshoot Start menu errors
description: Learn how to troubleshoot common Start menu errors in Windows 10. For example, learn to troubleshoot errors related to deployment, crashes, and performance.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
ms.author: aaroncz
author: aczechowski
ms.localizationpriority: medium
diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md
index a0d7a0b65a..ffcdeef194 100644
--- a/windows/configuration/start-layout-xml-desktop.md
+++ b/windows/configuration/start-layout-xml-desktop.md
@@ -1,10 +1,7 @@
---
title: Start layout XML for desktop editions of Windows 10 (Windows 10)
description: This article describes the options for customizing Start layout in LayoutModification.xml for Windows 10 desktop editions.
-keywords: ["start screen"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md
index 5699938be7..20c333fb2d 100644
--- a/windows/configuration/start-secondary-tiles.md
+++ b/windows/configuration/start-secondary-tiles.md
@@ -2,9 +2,6 @@
title: Add image for secondary Microsoft Edge tiles (Windows 10)
description: Add app tiles on Windows 10 that's a secondary tile.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md
index 40fc295016..ed2728abc4 100644
--- a/windows/configuration/stop-employees-from-using-microsoft-store.md
+++ b/windows/configuration/stop-employees-from-using-microsoft-store.md
@@ -1,13 +1,9 @@
---
title: Configure access to Microsoft Store (Windows 10)
description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization.
-ms.assetid: 7AA60D3D-2A69-45E7-AAB0-B8AFC29C2E97
ms.reviewer:
manager: dougeby
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store, mobile
author: aczechowski
ms.author: aaroncz
ms.topic: conceptual
diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md
index 30c40db968..30ef22ea5a 100644
--- a/windows/configuration/supported-csp-start-menu-layout-windows.md
+++ b/windows/configuration/supported-csp-start-menu-layout-windows.md
@@ -1,14 +1,10 @@
---
title: Supported CSP policies to customize Start menu on Windows 11 | Microsoft Docs
description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Start menu.
-ms.assetid:
manager: dougeby
ms.author: aaroncz
ms.reviewer: ericpapa
ms.prod: w11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobile
author: aczechowski
ms.localizationpriority: medium
---
diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md
index 0891f70e8c..40ada8b099 100644
--- a/windows/configuration/supported-csp-taskbar-windows.md
+++ b/windows/configuration/supported-csp-taskbar-windows.md
@@ -1,14 +1,10 @@
---
title: Supported CSP policies to customize the Taskbar on Windows 11 | Microsoft Docs
description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Taskbar.
-ms.assetid:
manager: dougeby
ms.author: aaroncz
ms.reviewer: chataylo
ms.prod: w11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobile
author: aczechowski
ms.localizationpriority: medium
---
diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
index 5c0961785e..4f970289fa 100644
--- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
@@ -2,9 +2,6 @@
title: Administering UE-V with Windows PowerShell and WMI
description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Administering UE-V with Windows PowerShell and WMI
**Applies to**
diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md
index f2456dee1a..7bf2b82260 100644
--- a/windows/configuration/ue-v/uev-administering-uev.md
+++ b/windows/configuration/ue-v/uev-administering-uev.md
@@ -2,9 +2,6 @@
title: Administering UE-V
description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Administering UE-V
**Applies to**
diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md
index 50a4533c63..a3d3387c57 100644
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@@ -2,9 +2,6 @@
title: Application Template Schema Reference for UE-V
description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Application Template Schema Reference for UE-V
**Applies to**
@@ -433,8 +429,8 @@ Application is a container for settings that apply to a particular application.
|LocalizedNames|An optional name displayed in the UI, localized by a language locale.|
|LocalizedDescriptions|An optional template description localized by a language locale.|
|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).|
-|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.|
-|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
+|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If Microsoft account syncing is enabled for a user on a machine, then this template will automatically be disabled.|
+|DeferToOffice365|Similar to Microsoft account, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.|
|Processes|A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).|
|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21)".|
@@ -452,8 +448,8 @@ Common is similar to an Application element, but it is always associated with tw
|LocalizedNames|An optional name displayed in the UI, localized by a language locale.|
|LocalizedDescriptions|An optional template description localized by a language locale.|
|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).|
-|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.|
-|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
+|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If Microsoft account syncing is enabled for a user on a machine, then this template will automatically be disabled.|
+|DeferToOffice365|Similar to Microsoft account, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.|
|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21).|
diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
index 7b1980ded7..61ca2b8c88 100644
--- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
+++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
@@ -2,9 +2,6 @@
title: Changing the Frequency of UE-V Scheduled Tasks
description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Changing the Frequency of UE-V Scheduled Tasks
**Applies to**
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
index 8aa4719d90..249336440f 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
@@ -2,9 +2,6 @@
title: Configuring UE-V with Group Policy Objects
description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Configuring UE-V with Group Policy Objects
**Applies to**
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
index fa9dda05ab..b8e6955c3d 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
@@ -2,9 +2,6 @@
title: Configuring UE-V with Microsoft Endpoint Configuration Manager
description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Endpoint Configuration Manager.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Configuring UE-V with Microsoft Endpoint Manager
**Applies to**
diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md
index 1b6513b56d..b41463da76 100644
--- a/windows/configuration/ue-v/uev-deploy-required-features.md
+++ b/windows/configuration/ue-v/uev-deploy-required-features.md
@@ -2,9 +2,6 @@
title: Deploy required UE-V features
description: Learn how to install and configure User Experience Virtualization (UE-V) features, for example a network share that stores and retrieves user settings.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -52,7 +49,7 @@ The settings storage location is defined by setting the SettingsStoragePath conf
- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings
-- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
+- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md)
diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
index 21f2749843..fad99aed73 100644
--- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
+++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
@@ -2,9 +2,6 @@
title: Use UE-V with custom applications
description: Use User Experience Virtualization (UE-V) to create your own custom settings location templates with the UE-V template generator.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-for-windows.md b/windows/configuration/ue-v/uev-for-windows.md
index 9074ddc234..75fab30ab1 100644
--- a/windows/configuration/ue-v/uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-for-windows.md
@@ -2,9 +2,6 @@
title: User Experience Virtualization for Windows 10, version 1607
description: Overview of User Experience Virtualization for Windows 10, version 1607
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 05/02/2017
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index 2bb02af5e6..39bbfe1418 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -2,9 +2,6 @@
title: Get Started with UE-V
description: Use the steps in this article to deploy User Experience Virtualization (UE-V) for the first time in a test environment.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 03/08/2018
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
index 9ed8904dec..1aa6e9f43e 100644
--- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
+++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
@@ -2,9 +2,6 @@
title: Manage Administrative Backup and Restore in UE-V
description: Learn how an administrator of User Experience Virtualization (UE-V) can back up and restore application and Windows settings to their original state.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Manage Administrative Backup and Restore in UE-V
**Applies to**
diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md
index 4533fb9eb7..a8f2d63d6f 100644
--- a/windows/configuration/ue-v/uev-manage-configurations.md
+++ b/windows/configuration/ue-v/uev-manage-configurations.md
@@ -2,9 +2,6 @@
title: Manage Configurations for UE-V
description: Learn to manage the configuration of the User Experience Virtualization (UE-V) service and also learn to manage storage locations for UE-V resources.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Manage Configurations for UE-V
**Applies to**
diff --git a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
index b36faf10c5..ba5bebadea 100644
--- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
@@ -2,9 +2,6 @@
title: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
description: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
**Applies to**
diff --git a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
index d111d768eb..ab70b3209a 100644
--- a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
@@ -2,9 +2,6 @@
title: Manage UE-V Service and Packages with Windows PowerShell and WMI
description: Managing the UE-V service and packages with Windows PowerShell and WMI
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Managing the UE-V service and packages with Windows PowerShell and WMI
**Applies to**
diff --git a/windows/configuration/ue-v/uev-migrating-settings-packages.md b/windows/configuration/ue-v/uev-migrating-settings-packages.md
index 026b5fd10f..eaa34a41eb 100644
--- a/windows/configuration/ue-v/uev-migrating-settings-packages.md
+++ b/windows/configuration/ue-v/uev-migrating-settings-packages.md
@@ -2,9 +2,6 @@
title: Migrating UE-V settings packages
description: Learn to relocate User Experience Virtualization (UE-V) user settings packages either when you migrate to a new server or when you perform backups.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Migrating UE-V settings packages
**Applies to**
diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md
index b2b109d6b6..38b78b9d47 100644
--- a/windows/configuration/ue-v/uev-prepare-for-deployment.md
+++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md
@@ -2,9 +2,6 @@
title: Prepare a UE-V Deployment
description: Learn about the types of User Experience Virtualization (UE-V) deployment you can execute and what preparations you can make beforehand to be successful.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md
index fdc838991d..67badc0dbf 100644
--- a/windows/configuration/ue-v/uev-release-notes-1607.md
+++ b/windows/configuration/ue-v/uev-release-notes-1607.md
@@ -2,9 +2,6 @@
title: User Experience Virtualization (UE-V) Release Notes
description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that is not included in the UE-V documentation.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md
index d692ba9f46..b7dc73d2d0 100644
--- a/windows/configuration/ue-v/uev-security-considerations.md
+++ b/windows/configuration/ue-v/uev-security-considerations.md
@@ -2,9 +2,6 @@
title: Security Considerations for UE-V
description: Learn about accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V).
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Security Considerations for UE-V
**Applies to**
diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md
index 6eea46080c..47ddb1c82a 100644
--- a/windows/configuration/ue-v/uev-sync-methods.md
+++ b/windows/configuration/ue-v/uev-sync-methods.md
@@ -2,9 +2,6 @@
title: Sync Methods for UE-V
description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users’ application and Windows settings with the settings storage location.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -34,7 +31,7 @@ You can configure the sync method in these ways:
- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings
-- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
+- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md)
diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md
index 414b095f83..a396907df5 100644
--- a/windows/configuration/ue-v/uev-sync-trigger-events.md
+++ b/windows/configuration/ue-v/uev-sync-trigger-events.md
@@ -2,9 +2,6 @@
title: Sync Trigger Events for UE-V
description: Learn how User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
index ea4f3d49bd..c2a81519f1 100644
--- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
+++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
@@ -2,9 +2,6 @@
title: Synchronizing Microsoft Office with UE-V
description: Learn how User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Synchronizing Office with UE-V
**Applies to**
diff --git a/windows/configuration/ue-v/uev-technical-reference.md b/windows/configuration/ue-v/uev-technical-reference.md
index cac53df19c..f5a9059d3e 100644
--- a/windows/configuration/ue-v/uev-technical-reference.md
+++ b/windows/configuration/ue-v/uev-technical-reference.md
@@ -2,9 +2,6 @@
title: Technical Reference for UE-V
description: Use this technical reference to learn about the various features of User Experience Virtualization (UE-V).
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Technical Reference for UE-V
**Applies to**
diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md
index a940df7833..3bf804b17d 100644
--- a/windows/configuration/ue-v/uev-troubleshooting.md
+++ b/windows/configuration/ue-v/uev-troubleshooting.md
@@ -2,9 +2,6 @@
title: Troubleshooting UE-V
description: Use this technical reference to find resources for troubleshooting User Experience Virtualization (UE-V) for Windows 10.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Troubleshooting UE-V
**Applies to**
diff --git a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
index 7cae468ca9..226fe3c440 100644
--- a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
+++ b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
@@ -2,9 +2,6 @@
title: Upgrade to UE-V for Windows 10
description: Use these few adjustments to upgrade from User Experience Virtualization (UE-V) 2.x to the latest version of UE-V.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
index fb8d02a2a7..59e4e1d213 100644
--- a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
+++ b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
@@ -2,9 +2,6 @@
title: Using UE-V with Application Virtualization applications
description: Learn how to use User Experience Virtualization (UE-V) with Microsoft Application Virtualization (App-V).
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
index 3240b7bcfa..89fb778fef 100644
--- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
@@ -2,9 +2,6 @@
title: What's New in UE-V for Windows 10, version 1607
description: Learn about what's new in User Experience Virtualization (UE-V) for Windows 10, including new features and capabilities.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
index bbbe078c55..d0f06bd548 100644
--- a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
+++ b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
@@ -2,9 +2,6 @@
title: Working with Custom UE-V Templates and the UE-V Template Generator
description: Create your own custom settings location templates by working with Custom User Experience Virtualization (UE-V) Templates and the UE-V Template Generator.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md
index ac4bac4e80..98aa47fcb1 100644
--- a/windows/configuration/wcd/wcd-accountmanagement.md
+++ b/windows/configuration/wcd/wcd-accountmanagement.md
@@ -2,8 +2,6 @@
title: AccountManagement (Windows 10)
description: This section describes the account management settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index 25d47941a7..94e31def8a 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -2,8 +2,6 @@
title: Accounts (Windows 10)
description: This section describes the account settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md
index ae172dc1c5..80e83844b0 100644
--- a/windows/configuration/wcd/wcd-admxingestion.md
+++ b/windows/configuration/wcd/wcd-admxingestion.md
@@ -2,8 +2,6 @@
title: ADMXIngestion (Windows 10)
description: This section describes the ADMXIngestion settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md
index 68825227e9..f7c184e359 100644
--- a/windows/configuration/wcd/wcd-assignedaccess.md
+++ b/windows/configuration/wcd/wcd-assignedaccess.md
@@ -2,8 +2,6 @@
title: AssignedAccess (Windows 10)
description: This section describes the AssignedAccess setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md
index 5df5b2dfcd..5ebc1cccde 100644
--- a/windows/configuration/wcd/wcd-browser.md
+++ b/windows/configuration/wcd/wcd-browser.md
@@ -2,8 +2,6 @@
title: Browser (Windows 10)
description: This section describes the Browser settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md
index 6c94aa8796..615458a1b5 100644
--- a/windows/configuration/wcd/wcd-cellcore.md
+++ b/windows/configuration/wcd/wcd-cellcore.md
@@ -2,8 +2,6 @@
title: CellCore (Windows 10)
description: This section describes the CellCore settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -15,7 +13,7 @@ manager: dougeby
# CellCore (Windows Configuration Designer reference)
->Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore is not available in Windows 10, version 1809.
+Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore is not available in Windows 10, version 1809.
Use to configure settings for cellular data.
@@ -23,109 +21,103 @@ Use to configure settings for cellular data.
>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
## Applies to
-
- Setting groups | Windows client | Surface Hub | HoloLens | IoT Core
- --- | :---: | :---: | :---: | :---:
- PerDevice: [CellConfigurations](#cellconfigurations) | | | | |
- PerDevice: [CellData](#celldata) | ✔️ | ✔️ | |
- PerDevice: [CellUX](#cellux) | ✔️ | ✔️ | |
- PerDevice: [CGDual](#cgdual) | | | |
- PerDevice: [eSim](#esim) | ✔️ | ✔️ | |
- PerDevice: [External](#external) | | | |
- PerDevice: [General](#general) | | | |
- PerDevice: [RCS](#rcs) | | | |
- PerDevice: [SMS](#sms) | ✔️ | ✔️ | |
- PerDevice: [UIX](#uix) | | | |
- PerDevice: [UTK](#utk) | | | |
- PerlMSI: [CellData](#celldata2) | | | |
- PerIMSI: [CellUX](#cellux2) | | | |
- PerIMSI: [General](#general2) | | | |
- PerIMSI: [RCS](#rcs2) | | | |
- PerIMSI: [SMS](#sms2) | ✔️ | ✔️ | |
- PerIMSI: [UTK](#utk2) | | | |
- PerIMSI: [VoLTE](#volte) | | | |
-
+|Setting groups | Windows client | Surface Hub | HoloLens | IoT Core|
+|:---|:---:|:---:|:---:|:---:|
+|PerDevice: [CellConfigurations](#cellconfigurations)| | | | |
+|PerDevice: [CellData](#celldata) |✔️|✔️| | |
+|PerDevice: [CellUX](#cellux)| ✔️ |✔️| | |
+|PerDevice: [CGDual](#cgdual)| | | | |
+|PerDevice: [eSim](#esim) | ✔️ | ✔️ | | |
+|PerDevice: [External](#external) | | | | |
+|PerDevice: [General](#general) | | | | |
+|PerDevice: [RCS](#rcs)| | | | |
+|PerDevice: [SMS](#sms)| ✔️ | ✔️ | |
+|PerDevice: [UIX](#uix)| | | | |
+|PerDevice: [UTK](#utk)| | | | |
+|PerIMSI: [CellData](#celldata2)| | | | |
+|PerIMSI: [CellUX](#cellux2)| | | | |
+|PerIMSI: [General](#general2)| | | | |
+|PerIMSI: [RCS](#rcs2)| | | | |
+|PerIMSI: [SMS](#sms2)|✔️|✔️| | |
+|PerIMSI: [UTK](#utk2)| | | | |
+|PerIMSI: [VoLTE](#volte)| | | | |
## PerDevice
### CellConfigurations
-
-
1. In **CellConfiguration** > **PropertyGroups**, enter a name for the property group.
2. Select the **PropertyGroups** you just created in the **Available customizations** pane and then enter a **PropertyName**.
3. Select the **PropertyName** you just created in the **Available customizations** pane, and then select one of the following data types for the property:
- - Binary
- - Boolean
- - Integer
- - String
+ - Binary
+ - Boolean
+ - Integer
+ - String
4. The data type that you selected is added in **Available customizations**. Select it to enter a value for the property.
### CellData
-Setting | Description
---- | ---
-CellularFailover | Allow or disallow cellular data failover when in limited Wi-Fi connectivity. By default, if the phone is connected to a Wi-Fi network and the data connection to a site is unsuccessful due to limited Wi-Fi connectivity, the phone will complete the connection to the site using available cellular data networks (when possible) to provide an optimal user experience. When the customization is enabled, a user option to use or not use cellular data for limited Wi-Fi connectivity becomes visible in the **Settings** > **cellular+SIM** screen. This option is automatically set to **don’t use cellular data** when the customization is enabled.
-MaxNumberOfPDPContexts | Set a maximum value (1 through 4, inclusive, or 0x1 through 0x4 hexadecimal) for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. You can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.
-ModemProfiles > LTEAttachGuids | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.
-PersistAtImaging > DisableAoAc | Enable or disable Always-on/Always-connected (AoAc) on the WWAN adapter.
-
+|Setting | Description|
+|:--- |:---|
+|CellularFailover | Allow or disallow cellular data failover when in limited Wi-Fi connectivity. By default, if the phone is connected to a Wi-Fi network and the data connection to a site is unsuccessful due to limited Wi-Fi connectivity, the phone will complete the connection to the site using available cellular data networks (when possible) to provide an optimal user experience. When the customization is enabled, a user option to use or not use cellular data for limited Wi-Fi connectivity becomes visible in the **Settings** > **cellular+SIM** screen. This option is automatically set to **don’t use cellular data** when the customization is enabled.|
+|MaxNumberOfPDPContexts | Set a maximum value (1 through 4, inclusive, or 0x1 through 0x4 hexadecimal) for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. You can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.|
+|ModemProfiles > LTEAttachGuids | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.|
+|PersistAtImaging > DisableAoAc | Enable or disable Always-on/Always-connected (AoAc) on the WWAN adapter.|
### CellUX
-Setting | Description
---- | ---
-APNAuthTypeDefault | Select between **Pap** and **Chap** for default APN authentication type.
-APNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default APN IP type.
-Critical > ShowVoLTERoaming | Select **Yes** to show the VoLTE roaming control in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the control.
-Critical > ShowVoLTEToggle | Select **Yes** to show the VoLTE toggle in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the toggle.
-Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.
-Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.
-EmbeddedUiccSlotId | ID for embedded UICC (eUICC) slot.
-GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.
-Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.
-Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.
-Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.
-HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.
-HideAPNAuthType | Select **Yes** to hide the APN authentication selector. Select **No** to show the APN authentication selector.
-HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.
-HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.
-HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.
-HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.
-HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.
-HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.
-HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.
-HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.
-HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.
-HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.
-HideMMSAPNAuthType | Select **Yes** to hide the APN authentication type selector on the MMS APN page. Select **No** to show APN authentication selector.
-HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.
-HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.
-HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI.
-HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".
-IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*
-LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.
-MMSAPNAuthTypeDefault | Select between **Pap** and **Chap** for default MMS APN authentication type.
-MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.
-ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:- Phone tile in Start- Call History screen- Dialer- Call Progress screen- Incoming Call screen- As the status string under Settings > cellular+SIMThe long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.
-ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.
-ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button
-ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.
-ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.
-ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.
-ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.
-ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.
-SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI.
-SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI.
-SuppressDePersoUI | Select **Yes** to hide the Perso unlock UI.
-
+|Setting | Description|
+|:- |:-|
+|APNAuthTypeDefault | Select between **Pap** and **Chap** for default APN authentication type.|
+|APNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default APN IP type.|
+|Critical > ShowVoLTERoaming | Select **Yes** to show the VoLTE roaming control in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the control.|
+|Critical > ShowVoLTEToggle | Select **Yes** to show the VoLTE toggle in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the toggle.|
+|Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.|
+|Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.|
+|EmbeddedUiccSlotId | ID for embedded UICC (eUICC) slot.|
+|GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.|
+|Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.|
+|Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.|
+|Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.|
+|HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.|
+|HideAPNAuthType | Select **Yes** to hide the APN authentication selector. Select **No** to show the APN authentication selector.|
+|HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.|
+|HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.|
+|HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.|
+|HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.|
+|HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.|
+|HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.|
+|HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.|
+|HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.|
+|HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.|
+|HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.|
+|HideMMSAPNAuthType | Select **Yes** to hide the APN authentication type selector on the MMS APN page. Select **No** to show APN authentication selector.|
+|HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.|
+|HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.|
+|HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI.|
+|HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".|
+|IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*|
+|LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.|
+|MMSAPNAuthTypeDefault | Select between **Pap** and **Chap** for default MMS APN authentication type.|
+|MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.|
+|ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:- Phone tile in Start- Call History screen- Dialer- Call Progress screen- Incoming Call screen- As the status string under Settings > cellular+SIMThe long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.|
+|ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.|
+|ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button.|
+|ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.|
+|ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.|
+|ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.|
+|ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.|
+|ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.|
+|SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI.|
+|SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI.|
+|SuppressDePersoUI | Select **Yes** to hide the Perso unlock UI.|
### CGDual
@@ -143,286 +135,261 @@ Configure **FwUpdate** > **AllowedAppIdList** to list apps that are allowed to u
### External
-Setting | Description
---- | ---
-CallSupplementaryService > OTASPNonStandardDialString | Enter a list of all desired non-standard OTASP dial strings.
-CarrierSpecific > FallBackMode | Select between **GWCSFB** and **1xCSFB** for fallback mode.
-CarrierSpecific > VZW > ActSeq | Enables activation for 4G VZW card. Do not configure this setting for non-VZW devices.
-EnableLTESnrReporting | Select between **Use only RSRP** and **Use both RSRP and ECNO** to check if SNR needs to be used for LTE Signal Quality calculations.
-EnableUMTSEcnoReporting | Select between **Use only RSSI** and **Use both RSSI and SNR** to check if SNR needs to be used for UMTS Signal Quality calculations.
-ImageOnly > ERI > AlgorithmMBB0 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 0.
-ImageOnly > ERI > AlgorithmMBB1 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 1.
-ImageOnly > ERI > AlgorithmWmRil | Select between **Sprint** and **Verizon** to specify the ERI-based notification algorithm.
-ImageOnly > ERI > DataFileNameWmRil | Specify the location of the ERI file on the device; for example, `C:\Windows\System32\SPCS_en.eri`. *SPCS_en.eri* is a placeholder. Obtain the ERI file name from the mobile operator and replace this filename with it.
-ImageOnly > ERI > EnabledWmRil | Enable or disable ERI-based notifications.
-ImageOnly > ERI > ERIDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 0.
-ImageOnly > ERI > ERIDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 1.
-ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 0.
-ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 1.
-ImageOnly > ERI > SprintInternationalERIValuesWmRil | Specify the international ERI values for Sprint as `to 4A,7C,7D,7E,9D,9E,9F,C1,C2,C3,C4,C5,C6,E4,E5,E6,E7,E8.`.
-ImageOnly > MTU > DormancyTimeout0 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 0. Minimum value is 1703, and maximum value is 5000.
-ImageOnly > MTU > DormancyTimeout1 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 1. Minimum value is 1703, and maximum value is 5000.
-ImageOnly > MTU > MTUDataSize | Customize the TCP maximum segment size (MSS) by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.
-ImageOnly > MTU > RoamingMTUDataSize | Customize the TCP maximum segment size (MSS) for roaming by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it for roaming by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.
-ImageOnly > SuppressNwPSDetach | Configure whether to suppress reporting of network-initiated PS detach (appear attached to OS) until deregistered.
-SignalBarMapping Table | You can modify the percentage values used for the signal strength in the status bar per filter.
-SRVCCAutoToggleWmRil | Configure whether to link SRVCC to VOLTE on/off.
-
-
+|Setting |Description|
+|:--- |:---|
+|CallSupplementaryService > OTASPNonStandardDialString | Enter a list of all desired non-standard OTASP dial strings.|
+|CarrierSpecific > FallBackMode | Select between **GWCSFB** and **1xCSFB** for fallback mode.|
+|CarrierSpecific > VZW > ActSeq | Enables activation for 4G VZW card. Do not configure this setting for non-VZW devices.|
+|EnableLTESnrReporting | Select between **Use only RSRP** and **Use both RSRP and ECNO** to check if SNR needs to be used for LTE Signal Quality calculations.|
+|EnableUMTSEcnoReporting | Select between **Use only RSSI** and **Use both RSSI and SNR** to check if SNR needs to be used for UMTS Signal Quality calculations.|
+|ImageOnly > ERI > AlgorithmMBB0 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 0.|
+|ImageOnly > ERI > AlgorithmMBB1 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 1.|
+|ImageOnly > ERI > AlgorithmWmRil | Select between **Sprint** and **Verizon** to specify the ERI-based notification algorithm.|
+|ImageOnly > ERI > DataFileNameWmRil | Specify the location of the ERI file on the device; for example, `C:\Windows\System32\SPCS_en.eri`. *SPCS_en.eri* is a placeholder. Obtain the ERI file name from the mobile operator and replace this filename with it.|
+|ImageOnly > ERI > EnabledWmRil | Enable or disable ERI-based notifications.|
+|ImageOnly > ERI > ERIDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 0.|
+|ImageOnly > ERI > ERIDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 1.|
+|ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 0.|
+|ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 1.
+|ImageOnly > ERI > SprintInternationalERIValuesWmRil | Specify the international ERI values for Sprint as `to 4A,7C,7D,7E,9D,9E,9F,C1,C2,C3,C4,C5,C6,E4,E5,E6,E7,E8.`.|
+|ImageOnly > MTU > DormancyTimeout0 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 0. Minimum value is 1703, and maximum value is 5000.|
+|ImageOnly > MTU > DormancyTimeout1 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 1. Minimum value is 1703, and maximum value is 5000.|
+|ImageOnly > MTU > MTUDataSize | Customize the TCP maximum segment size (MSS) by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.|
+|ImageOnly > MTU > RoamingMTUDataSize | Customize the TCP maximum segment size (MSS) for roaming by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it for roaming by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.|
+|ImageOnly > SuppressNwPSDetach | Configure whether to suppress reporting of network-initiated PS detach (appear attached to OS) until deregistered.|
+|SignalBarMapping Table | You can modify the percentage values used for the signal strength in the status bar per filter.|
+|SRVCCAutoToggleWmRil | Configure whether to link SRVCC to VOLTE on/off.|
### General
-Setting | Description
---- | ---
-atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:- **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
-atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:- **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator. - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator.
-AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network.
-CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`.
-CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`.
-CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone.
-DefaultSlotAffinity | Set the data connection preference for:- **SlotAffinityForInternetData_Automatic**: data connection preference is automatically set- **SlotAffinityForInternetData_Slot0**: sets the data connection preference to Slot 0. The data connection cannot be edited by the user.- **SlotAffinityForInternetData_Slot1**: Sets the data connection preference to Slot 1. The data connection cannot be edited by the user.
-DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming.
-DisableSystemTypeSupport | Enter the system types to be removed.
-DTMFOffTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), of the pause between DTMF digits. For example, a value of 120 specifies 0.12 seconds.
-DTMFOnTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), to generate the DTMF tone when a key is pressed. For example, a value of 120 specifies 0.12 seconds.
-EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming.
-ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`).
-ExcludedSystemTypesPerOperator | Exclude specified system types from SIM cards that match the MCC:MNC pairs listed in **OperatorListForExcludedSystemTypes**. This setting is used only for China. Set the value to match the system type to be excluded. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)). For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, the ExcludedSystemTypesPerOperator value must be set to 0x18 to limit the matching MCC:MNC pairs to 2G.
-LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE.
-LTEForced | Select **Yes** to force LTE.
-ManualNetworkSelectionTimeout | Set the default network selection timeout value, in a range of 1-600 seconds. By default, the OS allows the phone to attempt registration on the manually selected network for 60 seconds (or 1 minute) before it switches back to automatic mode. This value is the amount of time that the OS will wait for the modem to register on the manually selected network. If the time lapses and the modem was not able to register on the network that was manually selected by the user, the OS will either switch back to the automatic network selection mode if Permanent automatic mode is enabled, and the user has manually selected a network or the modem was turned on, or display a dialog that notifies the user that the phone was unable to connect to the manually selected network after the phone was turned on or after airplane mode was turned off.
-NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:- system type 4: 2G (GSM)- system type 8: 3G (UMTS)- system type 16: LTE- system type 32: 3G (TS-SCDMA)Select the system type that you added, and enter the network name and suffix that you want displayed.
-NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`.
-OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030.
-OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator.
-PreferredDataProviderList | OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator. For mobile operators that require it, OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator so that it can be set as the default data line for phones that have a dual SIM. When the PO SIM is inserted into the phone, the OS picks the PO SIM as the data line and shows a notification to the user that the SIM has been selected for Internet data. If two PO SIMs are inserted, the OS will choose the first PO SIM that was detected as the default data line and the mobile operator action required dialogue (ARD) is shown. If two non-PO SIMs are inserted, the user is prompted to choose the SIM to use as the default data line. Note OEMs should not set this customization unless required by the mobile operator. To enumerate the MCC/MNC value pairs to use for data connections, set the value for **PreferredDataProviderList**. The value must be a comma-separated list of preferred MCC:MNC values. For example, the value can be 301:026,310:030 and so on.
-Slot2DisableAppsList | Disable specified apps from slot 2 on a C+G dual SIM phone. To disable a list of specified apps from Slot 2, set Slot2DisableAppsList to a comma-separated list of values representing the apps. For example, `4,6`.
-Slot2ExcludedSystemTypes | Exclude specified system types from SIM cards inserted in Slot 2. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can restrict the second slot in a dual-SIM phone regardless of what apps or executor mapping the second slot is associated with. Note This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To allow an operator to simply restrict the second slot in a dual SIM phone regardless of what apps or executor mapping the second slot is associated with, set the value of Slot2ExcludedSystemTypes to the system types to be excluded from the SIM cards inserted in Slot 2. For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, any SIM inserted in Slot 2 will be limited to 2G. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)).
-SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming.
-SuggestGlobalModeARD | Define whether Global Mode is suggested on a C+G dual SIM phone.
-SuggestGlobalModeTimeout | To specify the number of seconds to wait for network registration before suggesting global mode, set SuggestGlobalModeTimeout to a value between 1 and 600, inclusive. For example, to set the timeout to 60 seconds, set the value to 60 (decimal) or 0x3C (hexadecimal).
+|Setting | Description|
+|:---|:---|
+|atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:- **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.|
+|atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:- **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator. - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator.|
+|AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network.|
+|CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`.|
+|CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`. |
+|CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. |
+|DefaultSlotAffinity | Set the data connection preference for:- **SlotAffinityForInternetData_Automatic**: data connection preference is automatically set- **SlotAffinityForInternetData_Slot0**: sets the data connection preference to Slot 0. The data connection cannot be edited by the user.- **SlotAffinityForInternetData_Slot1**: Sets the data connection preference to Slot 1. The data connection cannot be edited by the user.|
+|DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming.|
+|DisableSystemTypeSupport | Enter the system types to be removed.|
+|DTMFOffTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), of the pause between DTMF digits. For example, a value of 120 specifies 0.12 seconds.|
+|DTMFOnTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), to generate the DTMF tone when a key is pressed. For example, a value of 120 specifies 0.12 seconds.|
+|EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming.|
+|ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`).|
+|ExcludedSystemTypesPerOperator | Exclude specified system types from SIM cards that match the MCC:MNC pairs listed in **OperatorListForExcludedSystemTypes**. This setting is used only for China. Set the value to match the system type to be excluded. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)). For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, the ExcludedSystemTypesPerOperator value must be set to 0x18 to limit the matching MCC:MNC pairs to 2G.|
+|LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE.|
+|LTEForced | Select **Yes** to force LTE.|
+|ManualNetworkSelectionTimeout | Set the default network selection timeout value, in a range of 1-600 seconds. By default, the OS allows the phone to attempt registration on the manually selected network for 60 seconds (or 1 minute) before it switches back to automatic mode. This value is the amount of time that the OS will wait for the modem to register on the manually selected network. If the time lapses and the modem was not able to register on the network that was manually selected by the user, the OS will either switch back to the automatic network selection mode if Permanent automatic mode is enabled, and the user has manually selected a network or the modem was turned on, or display a dialog that notifies the user that the phone was unable to connect to the manually selected network after the phone was turned on or after airplane mode was turned off.|
+|NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:- system type 4: 2G (GSM)- system type 8: 3G (UMTS)- system type 16: LTE- system type 32: 3G (TS-SCDMA)Select the system type that you added, and enter the network name and suffix that you want displayed.|
+|NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`. |
+|OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030.|
+|OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator.|
+|PreferredDataProviderList | OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator. For mobile operators that require it, OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator so that it can be set as the default data line for phones that have a dual SIM. When the PO SIM is inserted into the phone, the OS picks the PO SIM as the data line and shows a notification to the user that the SIM has been selected for Internet data. If two PO SIMs are inserted, the OS will choose the first PO SIM that was detected as the default data line and the mobile operator action required dialogue (ARD) is shown. If two non-PO SIMs are inserted, the user is prompted to choose the SIM to use as the default data line. Note OEMs should not set this customization unless required by the mobile operator. To enumerate the MCC/MNC value pairs to use for data connections, set the value for **PreferredDataProviderList**. The value must be a comma-separated list of preferred MCC:MNC values. For example, the value can be 301:026,310:030 and so on.|
+|Slot2DisableAppsList | Disable specified apps from slot 2 on a C+G dual SIM phone. To disable a list of specified apps from Slot 2, set Slot2DisableAppsList to a comma-separated list of values representing the apps. For example, `4,6`.|
+|Slot2ExcludedSystemTypes | Exclude specified system types from SIM cards inserted in Slot 2. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can restrict the second slot in a dual-SIM phone regardless of what apps or executor mapping the second slot is associated with. Note This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To allow an operator to simply restrict the second slot in a dual SIM phone regardless of what apps or executor mapping the second slot is associated with, set the value of Slot2ExcludedSystemTypes to the system types to be excluded from the SIM cards inserted in Slot 2. For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, any SIM inserted in Slot 2 will be limited to 2G. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)).|
+|SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming.|
+|SuggestGlobalModeARD | Define whether Global Mode is suggested on a C+G dual SIM phone.|
+|SuggestGlobalModeTimeout | To specify the number of seconds to wait for network registration before suggesting global mode, set SuggestGlobalModeTimeout to a value between 1 and 600, inclusive. For example, to set the timeout to 60 seconds, set the value to 60 (decimal) or 0x3C (hexadecimal).|
### RCS
-Setting | Description
---- | ---
-SystemEnabled | Select **Yes** to specify that the system is RCS-enabled.
-UserEnabled | Select **Yes** to show the user setting if RCS is enabled on the device.
+|Setting | Description|
+|:---|:---|
+|SystemEnabled | Select **Yes** to specify that the system is RCS-enabled.|
+|UserEnabled | Select **Yes** to show the user setting if RCS is enabled on the device.|
### SMS
-| Setting | Description |
-|----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. |
-| DefaultMCC | Set the default mobile country code (MCC). |
-| Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction) |
-| Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. |
-| Encodings > OctetEncodingPage | Set the octet (binary) encoding. |
-| Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding. |
-| Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding. |
-| Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language). |
-| IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. |
-| MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. |
-| SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. |
-| SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message. |
-| SmsStoreDeleteSize | Set the number of messages that can be deleted when a "message full" indication is received from the modem. |
-| SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. |
-| Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**. |
-| Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. |
-| Type3GPP > IMS > AttemptThresholdForIMS | Set the maximum number of tries to send SMS on IMS. |
-| Type3GPP > IMS > RetryEnabled | Configure whether to enable one automatic retry after failure to send over IMS. |
-| Type 3GPP > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH. |
-| Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. |
-| Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type. |
+|Setting |Description|
+|:--|:--|
+|AckExpirySeconds |Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. |
+|DefaultMCC |Set the default mobile country code (MCC).|
+|Encodings > GSM7BitEncodingPage |Enter the code page value for the 7-bit GSM default alphabet encoding. Values:- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction)|
+|Encodings > GSM8BitEncodingPage|Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. |
+|Encodings > OctetEncodingPage |Set the octet (binary) encoding.|
+|Encodings > SendUDHNLSS |Set the 7 bit GSM shift table encoding.|
+|Encodings > UseASCII |Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding.|
+|Encodings > UseKeyboardLangague |Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language).|
+|IncompleteMsgDeliverySeconds |Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation.|
+|MessageExpirySeconds|Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. |
+|SmsFragmentLimit |Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message.|
+|SmsPageLimit |Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message.|
+|SmsStoreDeleteSize |Set the number of messages that can be deleted when a "message full" indication is received from the modem. |
+|SprintFragmentInfoInBody |Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. |
+|Type3GPP > ErrorHandling > ErrorType |Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**.|
+|Type3GPP > ErrorHandling > FriendlyErrorClass|Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.|
+|Type3GPP > IMS > AttemptThresholdForIMS |Set the maximum number of tries to send SMS on IMS.|
+|Type3GPP > IMS > RetryEnabled |Configure whether to enable one automatic retry after failure to send over IMS.|
+|Type 3GPP > SmsUse16BitReferenceNumbers |Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH.|
+|Type3GPP2 > ErrorHandling > FriendlyErrorClass |Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.|
+|Type3GPP2 > ErrorHandling > UseReservedAsPermanent |Set the 3GPP2 permanent error type.|
### UIX
Setting | Description
---- | ---
-SIM1ToUIM1 | Used to show UIM1 as an alternate string instead of SIM1 for the first SIM on C+G dual SIM phones.
-SIMToSIMUIM | Partners can change the string "SIM" to "SIM/UIM" to accommodate scenarios such as Dual Mode cards of SIM cards on the phone. This can provide a better user experience for users in some markets. Enabling this customization changes all "SIM" strings to "SIM/UIM".
-
-
+|:-|:--|
+|SIM1ToUIM1 |Used to show UIM1 as an alternate string instead of SIM1 for the first SIM on C+G dual SIM phones.|
+|SIMToSIMUIM |Partners can change the string "SIM" to "SIM/UIM" to accommodate scenarios such as Dual Mode cards of SIM cards on the phone. This can provide a better user experience for users in some markets. Enabling this customization changes all "SIM" strings to "SIM/UIM".|
### UTK
-Setting | Description
---- | ---
-UIDefaultDuration | Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000.
-UIGetInputDuration | Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.
+|Setting |Description|
+|:-|:-|
+|UIDefaultDuration |Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000.|
+|UIGetInputDuration |Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.|
-
-
-
-## PerlMSI
+## PerIMSI
Enter an IMSI, click **Add**, and then select the IMSI that you added to configure the following settings.
+### CellData
-
-### CellData
+|Setting |Description|
+|:--- |:---|
+|MaxNumberOfPDPContexts |OEMs can set a maximum value for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. OEMs can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.|
-Setting | Description
---- | ---
-MaxNumberOfPDPContexts | OEMs can set a maximum value for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. OEMs can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.
+### CellUX
+|Setting |Description|
+|:--- |:---|
+|APNIPTypeIfHidden |Used to set the default IP type shown in the **IP type** listbox on the **internet APN** settings screen.|
+|Critical > ShowVoLTERoaming | Use to show the IMS roaming control in the cellular settings page|
+|Critical > ShowVoLTEToggle | Show or hide VoLTE toggle.|
+|Critical > SwitchIMS | Switch IMS on or off with a toggle. OEMs can configure the default settings and toggle for IMS services to meet mobile operator requirements. Users can later manually change the default values for these settings if they choose to do so.|
+|Critical > SwitchSMSOverIMS | Switch SMS over IMS on or off when VoLTE is toggled.|
+|Critical > SwitchVideoOverIMS | Use to switch video over IMS when VoLTE is switched.|
+|Critical > SwitchVoiceOverIMS | Switch voice over IMS when VoLTE is toggled.|
+|Critical > SwitchXCAP | Use to switch the XML Configuration Access Protocol (XCAP) when VoLTE is enabled.|
+|Critical > VoLTERoamingOffDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned off. The string must not be longer than 127 characters. |
+|Critical > VoLTERoamingOnDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned on. The string must not be longer than 127 characters. |
+|Critical > VoLTERoamingSettingDisableDuringCall | Use to specify whether to grey out VoLTE roaming settings during an active VoLTE call.|
+|Critical > VoLTERoamingTitle | Use to customize the description string for the IMS roaming control. The string must not be longer than 127 characters. |
+|Critical > VoLTESectionTitle | Use to customize the section title for the IMS settings. he string must not be longer than 127 characters.|
+|Critical > VoLTESettingDisableDuringCall | Use to specify whether to grey out VoLTE-related settings during an active VoLTE call.|
+|Critical > VoLTEToggleDescription | Use to customize the VoLTE toggle description. To customize the VoLTE toggle description, set VoLTEToggleDescription to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-101.|
+|Critical > VoLTEToggleSettingDisableDuringCall | Use to specify whether to grey out the VoLTE toggle during an active VoLTE call.|
+|Critical > VoLTEToggleTitle | Use to customize the VoLTE toggle label. To customize the VoLTE toggle label, set VoLTEToggleTitle to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-102.|
+|Critical > WFCSettingDisableDuringCall | Use to specify whether to grey out the Wi-Fi calling settings during an active VoLTE call.|
+|Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.|
+|Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.|
+|GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.|
+|Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.|
+|Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.|
+|Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.|
+|HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.|
+|HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.|
+|HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.|
+|HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.|
+|HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.|
+|HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.|
+|HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.|
+|HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.|
+|HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.|
+|HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.|
+|HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.|
+|HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.|
+|HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.|
+|HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI. (Removed in Windows 10, version 1803.)|
+|HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".|
+|IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*|
+|LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.|
+|MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.|
+|ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:- Phone tile in Start- Call History screen- Dialer- Call Progress screen- Incoming Call screen- As the status string under Settings > cellular+SIMThe long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.|
+|ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.|
+|ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button.|
+|ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.|
+|ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.|
+|ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.|
+|ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.|
+|ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.|
+|SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI. (Removed in Windows 10, version 1803.)|
+|SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI. (Removed in Windows 10, version 1803.)|
+|SuppressDePersoUI | Suppress DePerso UI to unlock Perso. (Removed in Windows 10, version 1803.)|
-
-### CellUX
+### General
-Setting | Description
---- | ---
-APNIPTypeIfHidden | Used to set the default IP type shown in the **IP type** listbox on the **internet APN** settings screen.
-Critical > ShowVoLTERoaming | Use to show the IMS roaming control in the cellular settings page
-Critical > ShowVoLTEToggle | Show or hide VoLTE toggle.
-Critical > SwitchIMS | Switch IMS on or off with a toggle. OEMs can configure the default settings and toggle for IMS services to meet mobile operator requirements. Users can later manually change the default values for these settings if they choose to do so.
-Critical > SwitchSMSOverIMS | Switch SMS over IMS on or off when VoLTE is toggled.
-Critical > SwitchVideoOverIMS | Use to switch video over IMS when VoLTE is switched.
-Critical > SwitchVoiceOverIMS | Switch voice over IMS when VoLTE is toggled.
-Critical > SwitchXCAP | Use to switch the XML Configuration Access Protocol (XCAP) when VoLTE is enabled.
-Critical > VoLTERoamingOffDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned off. The string must not be longer than 127 characters.
-Critical > VoLTERoamingOnDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned on. The string must not be longer than 127 characters.
-Critical > VoLTERoamingSettingDisableDuringCall | Use to specify whether to grey out VoLTE roaming settings during an active VoLTE call.
-Critical > VoLTERoamingTitle | Use to customize the description string for the IMS roaming control. The string must not be longer than 127 characters.
-Critical > VoLTESectionTitle | Use to customize the section title for the IMS settings. he string must not be longer than 127 characters.
-Critical > VoLTESettingDisableDuringCall | Use to specify whether to grey out VoLTE-related settings during an active VoLTE call.
-Critical > VoLTEToggleDescription | Use to customize the VoLTE toggle description. To customize the VoLTE toggle description, set VoLTEToggleDescription to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-101.
-Critical > VoLTEToggleSettingDisableDuringCall | Use to specify whether to grey out the VoLTE toggle during an active VoLTE call.
-Critical > VoLTEToggleTitle | Use to customize the VoLTE toggle label. To customize the VoLTE toggle label, set VoLTEToggleTitle to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-102.
-Critical > WFCSettingDisableDuringCall | Use to specify whether to grey out the Wi-Fi calling settings during an active VoLTE call.
-Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.
-Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.
-GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.
-Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.
-Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.
-Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.
-HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.
-HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.
-HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.
-HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.
-HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.
-HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.
-HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.
-HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.
-HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.
-HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.
-HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.
-HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.
-HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.
-HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI. (Removed in Windows 10, version 1803.)
-HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".
-IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*
-LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.
-MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.
-ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:- Phone tile in Start- Call History screen- Dialer- Call Progress screen- Incoming Call screen- As the status string under Settings > cellular+SIMThe long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.
-ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.
-ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button
-ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.
-ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.
-ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.
-ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.
-ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.
-SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI. (Removed in Windows 10, version 1803.)
-SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI. (Removed in Windows 10, version 1803.)
-SuppressDePersoUI | Suppress DePerso UI to unlock Perso. (Removed in Windows 10, version 1803.)
+|Setting |Description|
+|:--|:--|
+|atomicRoamingTableSettings3GPP |If you enable 3GPP roaming, configure the following settings:- **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC. |
+|atomicRoamingTableSettings3GPP2 |If you enable 3GPP2 roaming, configure the following settings:- **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator. - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator. |
+|AvoidStayingInManualSelection |You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network. |
+|CardAllowList |Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`.|
+|CardBlockList |Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`. |
+|CardLock |Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. |
+|Critical > MultivariantProvisionedSPN |Used to change the default friendly SIM names in dual SIM phones. By default, the OS displays SIM 1 or SIM 2 as the default friendly name for the SIM in slot 1 or slot 2 if the service provider name (SPN) or mobile operator name has not been set. Partners can use this setting to change the default name read from the SIM to define the SPN for SIM cards that do not contain this information or to generate the default friendly name for the SIM. The OS uses the default value as the display name for the SIM or SPN in the Start screen and other parts of the UI including the SIM settings screen. For dual SIM phones that contain SIMs from the same mobile operator, the names that appear in the UI may be similar. See [Values for MultivariantProvisionedSPN](#spn).|
+|Critical > SimNameWithoutMSISDNENabled |Use this setting to remove the trailing MSISDN digits from the service provider name (SPN) in the phone UI. By default, the OS appends the trailing MSISDN digits to the service provider name (SPN) in the phone UI, including on the phone and messaging apps. If required by mobile operators, OEMs can use the SimNameWithoutMSISDNEnabled setting to remove the trailing MSISDN digits. However, you must use this setting together with **MultivariantProvisionedSPN** to suppress the MSISDN digits. |
+|DisableLTESupportWhenRoaming |Set to **Yes** to disable LTE support when roaming.|
+|EnableIMSWhenRoaming|Set to **Yes** to enable IMS when roaming.|
+|ExcludedSystemTypesByDefault |Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`). |
+|LTEEnabled |Select **Yes** to enable LTE, and **No** to disable LTE. |
+|LTEForced |Select **Yes** to force LTE. |
+|NetworkSuffix |To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:- system type 4: 2G (GSM)- system type 8: 3G (UMTS)- system type 16: LTE- system type 32: 3G (TS-SCDMA)Select the system type that you added, and enter the network name and suffix that you want displayed.|
+|NitzFiltering |For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`.|
+|OperatorListForExcludedSystemTypes |Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030. (Removed in Windows 10, version 1803.)|
+|OperatorPreferredForFasterRadio |Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. (Removed in Windows 10, version 1803.) |
+|SuggestDataRoamingARD |Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming. |
-
-
-
-
-### General
-
-| Setting | Description |
-|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:- **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC. |
-| atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:- **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator. - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator. |
-| AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network. |
-| CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`. |
-| CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`. |
-| CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. |
-| Critical > MultivariantProvisionedSPN | Used to change the default friendly SIM names in dual SIM phones. By default, the OS displays SIM 1 or SIM 2 as the default friendly name for the SIM in slot 1 or slot 2 if the service provider name (SPN) or mobile operator name has not been set. Partners can use this setting to change the default name read from the SIM to define the SPN for SIM cards that do not contain this information or to generate the default friendly name for the SIM. The OS uses the default value as the display name for the SIM or SPN in the Start screen and other parts of the UI including the SIM settings screen. For dual SIM phones that contain SIMs from the same mobile operator, the names that appear in the UI may be similar. See [Values for MultivariantProvisionedSPN](#spn). |
-| Critical > SimNameWithoutMSISDNENabled | Use this setting to remove the trailing MSISDN digits from the service provider name (SPN) in the phone UI. By default, the OS appends the trailing MSISDN digits to the service provider name (SPN) in the phone UI, including on the phone and messaging apps. If required by mobile operators, OEMs can use the SimNameWithoutMSISDNEnabled setting to remove the trailing MSISDN digits. However, you must use this setting together with **MultivariantProvisionedSPN** to suppress the MSISDN digits. |
-| DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming. |
-| EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming. |
-| ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`). |
-| LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE. |
-| LTEForced | Select **Yes** to force LTE. |
-| NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:- system type 4: 2G (GSM)- system type 8: 3G (UMTS)- system type 16: LTE- system type 32: 3G (TS-SCDMA)Select the system type that you added, and enter the network name and suffix that you want displayed. |
-| NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`. |
-| OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030. (Removed in Windows 10, version 1803.) |
-| OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. (Removed in Windows 10, version 1803.) |
-| SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming. |
-
-
-### RCS
+## RCS
See descriptions in Windows Configuration Designer.
-
+## SMS
-
-### SMS
+|Setting |Description|
+|:--|:--|
+|AckExpirySeconds |Set the value, in seconds, for how long to wait for a client ACK before trying to deliver.|
+|DefaultMCC |Set the default mobile country code (MCC). |
+|Encodings > GSM7BitEncodingPage |Enter the code page value for the 7-bit GSM default alphabet encoding. Values:- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction)|
+|Encodings > GSM8BitEncodingPage |Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099.|
+|Encodings > OctetEncodingPage |Set the octet (binary) encoding.|
+|Encodings > SendUDHNLSS |Set the 7 bit GSM shift table encoding. |
+|Encodings > UseASCII |Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding.|
+|Encodings > UseKeyboardLangague |Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language).|
+|IncompleteMsgDeliverySeconds |Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. |
+|MessageExpirySeconds |Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. |
+|SmsFragmentLimit|Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. |
+|SmsPageLimit|Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message.|
+|SprintFragmentInfoInBody |Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message.|
+|Type3GPP > ErrorHandling > ErrorType |Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**.|
+|Type3GPP > ErrorHandling > FriendlyErrorClass |Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.|
+|Type3GPP > IMS > SmsUse16BitReferenceNumbers |Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH.|
+|Type3GPP2 > ErrorHandling > FriendlyErrorClass |Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.|
+| Type3GPP2 > ErrorHandling > UseReservedAsPermanent |Set the 3GPP2 permanent error type.|
-| Setting | Description |
-|----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. |
-| DefaultMCC | Set the default mobile country code (MCC). |
-| Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction) |
-| Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. For more information, see [Add encoding extension tables for SMS](/windows-hardware/customize/mobile/mcsf/add-encoding-extension-tables-for-sms). |
-| Encodings > OctetEncodingPage | Set the octet (binary) encoding. |
-| Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding. |
-| Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding. |
-| Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language). |
-| IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. |
-| MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. |
-| SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. |
-| SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message. |
-| SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. |
-| Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**. |
-| Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. |
-| Type3GPP > IMS > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH. |
-| Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. |
-| Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type. |
-
-
-### UTK
-
-Setting | Description
---- | ---
-UIDefaultDuration | Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000.
-UIGetInputDuration | Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.
+### UTK
+|Setting |Description|
+|:---|:---|
+|UIDefaultDuration | Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000. |
+|UIGetInputDuration |Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.|
### VoLTE
-Setting | Description
---- | ---
-IMSOMADMServices | Allows configuration of OMA DM Services Mask. The value is mapped directly to RIL_IMS_NW_ENABLED_FLAGS on the modem side. To configure the OMA DM services mask, set the IMSOMADMServices setting to one of the following values:- None, Flag: 0, Bitmask: 00000- OMA DM, Flag: 1, Bitmask: 00001- Voice, Flag: 2, Bitmask: 00010- Video, Flag: 4, Bitmask: 00100- EAB presence, Flag: 8, Bitmask: 01000- Enable all services, Flag: 15, Bitmask: 10000
-IMSServices | Identifies which IMS services are enabled (if any). The value is any combination of flags 1 (IMS), 2 (SMS over IMS), 4 (Voice over IMS) and 8 (Video Over IMS). Set the value for the IMSServices setting to any combination of the following flags or bitmasks:- IMS, Flag: 1, Bitmask: 0001- SMS over IMS, Flag: 2, Bitmask: 0010- Voice over IMS, Flag: 4, Bitmask: 0100Video over IMS, Flag: 8, Bitmask: 1000
+|Setting | Description|
+|:---|:---|
+|IMSOMADMServices |Allows configuration of OMA DM Services Mask. The value is mapped directly to RIL_IMS_NW_ENABLED_FLAGS on the modem side. To configure the OMA DM services mask, set the IMSOMADMServices setting to one of the following values:- None, Flag: 0, Bitmask: 00000- OMA DM, Flag: 1, Bitmask: 00001- Voice, Flag: 2, Bitmask: 00010- Video, Flag: 4, Bitmask: 00100- EAB presence, Flag: 8, Bitmask: 01000- Enable all services, Flag: 15, Bitmask: 10000|
+|IMSServices |Identifies which IMS services are enabled (if any). The value is any combination of flags 1 (IMS), 2 (SMS over IMS), 4 (Voice over IMS) and 8 (Video Over IMS). Set the value for the IMSServices setting to any combination of the following flags or bitmasks:- IMS, Flag: 1, Bitmask: 0001- SMS over IMS, Flag: 2, Bitmask: 0010- Voice over IMS, Flag: 4, Bitmask: 0100Video over IMS, Flag: 8, Bitmask: 1000|
+## Error messages for reject codes
-
-## Error messages for reject codes
+|Reject code |Extended error message |Short error message|
+|:---|:---|:---|
+|2 (The SIM card hasn't been activated or has been deactivated) | SIM not set up MM#2 | Invalid SIM|
+|3 (The SIM card fails authentication or one of the identity check procedures. This can also happen due to a duplication of the TMSI across different MSCs.) |Can't verify SIM MM#3 |Invalid SIM|
+|6 (The device has been put on a block list, such as when the phone has been stolen or the IMEI is restricted.) | Phone not allowed MM#6 | No service|
-
-Reject code | Extended error message | Short error message
---- | --- | ---
-2 (The SIM card hasn't been activated or has been deactivated) | SIM not set up MM#2 | Invalid SIM
-3 (The SIM card fails authentication or one of the identity check procedures. This can also happen due to a duplication of the TMSI across different MSCs.) | Can't verify SIM MM#3 | Invalid SIM
-6 (The device has been put on a block list, such as when the phone has been stolen or the IMEI is restricted.) | Phone not allowed MM#6 | No service
-
-
-## Values for MultivariantProvisionedSPN
+## Values for MultivariantProvisionedSPN
Set the MultivariantProvisionedSPN value to the name of the SPN or mobile operator.
-The following table shows the scenarios supported by this customization:
+The following table shows the scenarios supported by this customization.
>[!NOTE]
>In the Default SIM name column:
@@ -431,14 +398,13 @@ The following table shows the scenarios supported by this customization:
>- MultivariantProvisionedSPN means the value that you set for the MultivariantProvisionedSPN setting.
>- SIM 1 or SIM 2 is the default friendly name for the SIM in slot 1 or slot 2.
-
-Multivariant setting set?|SPN provisioned?|MSISDN (last 4 digits: 1234, for example) provisioned?|Default SIM name
---- | --- | --- | ---
-Yes|Yes|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234
-Yes|No|No|*MultivariantProvisionedSPN* (up to 16 characters)
-Yes|Yes|No|*MultivariantProvisionedSPN* (up to 16 characters)
-Yes|No|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234
-No|Yes|Yes|If SPN string >= 12: *SPN*1234If SPN string < 12: *SPN*" "1234
-No|No|No|*SIM 1* or *SIM 2*
-No|Yes|No|SPN (up to 16 characters)
-No|No|Yes|*SIM 1* or *SIM 2*
+|Multivariant setting set?|SPN provisioned?|MSISDN (last 4 digits: 1234, for example) provisioned?|Default SIM name|
+|:---|:---|:---|:---|
+|Yes|Yes|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234|
+|Yes|No|No|*MultivariantProvisionedSPN* (up to 16 characters)|
+|Yes|Yes|No|*MultivariantProvisionedSPN* (up to 16 characters)|
+|Yes|No|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234|
+|No|Yes|Yes|If SPN string >= 12: *SPN*1234If SPN string < 12: *SPN*" "1234|
+|No|No|No|*SIM 1* or *SIM 2*|
+|No|Yes|No|SPN (up to 16 characters)|
+|No|No|Yes|*SIM 1* or *SIM 2*|
diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md
index f2ba57eae2..d0a091f53f 100644
--- a/windows/configuration/wcd/wcd-cellular.md
+++ b/windows/configuration/wcd/wcd-cellular.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: This section describes the Cellular settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md
index 668d0bb304..a83e01ed1d 100644
--- a/windows/configuration/wcd/wcd-certificates.md
+++ b/windows/configuration/wcd/wcd-certificates.md
@@ -2,8 +2,6 @@
title: Certificates (Windows 10)
description: This section describes the Certificates settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-changes.md b/windows/configuration/wcd/wcd-changes.md
index d196972424..7fae1e2c06 100644
--- a/windows/configuration/wcd/wcd-changes.md
+++ b/windows/configuration/wcd/wcd-changes.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: This section describes the changes to settings in Windows Configuration Designer in Windows 10, version 1809.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md
index 090081972f..fdcbf1dd2a 100644
--- a/windows/configuration/wcd/wcd-cleanpc.md
+++ b/windows/configuration/wcd/wcd-cleanpc.md
@@ -2,8 +2,6 @@
title: CleanPC (Windows 10)
description: This section describes the CleanPC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md
index e71332a303..24465ae5a5 100644
--- a/windows/configuration/wcd/wcd-connections.md
+++ b/windows/configuration/wcd/wcd-connections.md
@@ -2,8 +2,6 @@
title: Connections (Windows 10)
description: This section describes the Connections settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md
index 4f9bd01b6e..307aab14ca 100644
--- a/windows/configuration/wcd/wcd-connectivityprofiles.md
+++ b/windows/configuration/wcd/wcd-connectivityprofiles.md
@@ -2,8 +2,6 @@
title: ConnectivityProfiles (Windows 10)
description: This section describes the ConnectivityProfile settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md
index e09bfedbeb..2d326165c7 100644
--- a/windows/configuration/wcd/wcd-countryandregion.md
+++ b/windows/configuration/wcd/wcd-countryandregion.md
@@ -2,8 +2,6 @@
title: CountryAndRegion (Windows 10)
description: This section describes the CountryAndRegion settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
index e8ea46b7dc..dccfa2bfd8 100644
--- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
+++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
@@ -2,8 +2,6 @@
title: DesktopBackgroundAndColors (Windows 10)
description: This section describes the DesktopBackgrounAndColors settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md
index 6d1c176a3d..62715da105 100644
--- a/windows/configuration/wcd/wcd-developersetup.md
+++ b/windows/configuration/wcd/wcd-developersetup.md
@@ -2,8 +2,6 @@
title: DeveloperSetup (Windows 10)
description: This section describes the DeveloperSetup settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md
index 8a4fe3064e..6a101c9fd1 100644
--- a/windows/configuration/wcd/wcd-deviceformfactor.md
+++ b/windows/configuration/wcd/wcd-deviceformfactor.md
@@ -2,8 +2,6 @@
title: DeviceFormFactor (Windows 10)
description: This section describes the DeviceFormFactor setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md
index 32484edbd9..a5bb59742b 100644
--- a/windows/configuration/wcd/wcd-devicemanagement.md
+++ b/windows/configuration/wcd/wcd-devicemanagement.md
@@ -2,8 +2,6 @@
title: DeviceManagement (Windows 10)
description: This section describes the DeviceManagement setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md
index 440ed6459b..83bb19007c 100644
--- a/windows/configuration/wcd/wcd-deviceupdatecenter.md
+++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md
@@ -2,8 +2,6 @@
title: DeviceUpdateCenter (Windows 10)
description: This section describes the DeviceUpdateCenter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md
index ed596c0b34..1154e1643c 100644
--- a/windows/configuration/wcd/wcd-dmclient.md
+++ b/windows/configuration/wcd/wcd-dmclient.md
@@ -2,8 +2,6 @@
title: DMClient (Windows 10)
description: This section describes the DMClient setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md
index 9c2e199008..114234aa5d 100644
--- a/windows/configuration/wcd/wcd-editionupgrade.md
+++ b/windows/configuration/wcd/wcd-editionupgrade.md
@@ -2,8 +2,6 @@
title: EditionUpgrade (Windows 10)
description: This section describes the EditionUpgrade settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md
index 574f4d2a0d..a31d1cddcb 100644
--- a/windows/configuration/wcd/wcd-firewallconfiguration.md
+++ b/windows/configuration/wcd/wcd-firewallconfiguration.md
@@ -2,8 +2,6 @@
title: FirewallConfiguration (Windows 10)
description: This section describes the FirewallConfiguration setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md
index a830d6925b..025c70a9b5 100644
--- a/windows/configuration/wcd/wcd-firstexperience.md
+++ b/windows/configuration/wcd/wcd-firstexperience.md
@@ -2,8 +2,6 @@
title: FirstExperience (Windows 10)
description: This section describes the FirstExperience settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md
index 1008dd3172..e45a67e31a 100644
--- a/windows/configuration/wcd/wcd-folders.md
+++ b/windows/configuration/wcd/wcd-folders.md
@@ -2,8 +2,6 @@
title: Folders (Windows 10)
description: This section describes the Folders settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-hotspot.md b/windows/configuration/wcd/wcd-hotspot.md
index cf3eb21000..db0317ff32 100644
--- a/windows/configuration/wcd/wcd-hotspot.md
+++ b/windows/configuration/wcd/wcd-hotspot.md
@@ -2,8 +2,6 @@
title: HotSpot (Windows 10)
description: This section describes the HotSpot settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md
index 9e653528de..0f38069d39 100644
--- a/windows/configuration/wcd/wcd-kioskbrowser.md
+++ b/windows/configuration/wcd/wcd-kioskbrowser.md
@@ -2,8 +2,6 @@
title: KioskBrowser (Windows 10)
description: This section describes the KioskBrowser settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md
index 8342ca38d7..5e1385d91a 100644
--- a/windows/configuration/wcd/wcd-licensing.md
+++ b/windows/configuration/wcd/wcd-licensing.md
@@ -2,8 +2,6 @@
title: Licensing (Windows 10)
description: This section describes the Licensing settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md
index 3e0a47a230..65d0cf04b9 100644
--- a/windows/configuration/wcd/wcd-location.md
+++ b/windows/configuration/wcd/wcd-location.md
@@ -2,8 +2,6 @@
title: Location (Windows 10)
description: This section describes the Location settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md
index cdb5ff8a79..fa05e3ac5d 100644
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@@ -2,8 +2,6 @@
title: Maps (Windows 10)
description: This section describes the Maps settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md
index e16622e753..20e53f7d72 100644
--- a/windows/configuration/wcd/wcd-networkproxy.md
+++ b/windows/configuration/wcd/wcd-networkproxy.md
@@ -2,8 +2,6 @@
title: NetworkProxy (Windows 10)
description: This section describes the NetworkProxy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md
index 24179089bf..46d1804745 100644
--- a/windows/configuration/wcd/wcd-networkqospolicy.md
+++ b/windows/configuration/wcd/wcd-networkqospolicy.md
@@ -2,8 +2,6 @@
title: NetworkQoSPolicy (Windows 10)
description: This section describes the NetworkQoSPolicy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md
index 7ab4e1b5f7..f885d27c0e 100644
--- a/windows/configuration/wcd/wcd-oobe.md
+++ b/windows/configuration/wcd/wcd-oobe.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: This section describes the OOBE settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md
index 6bfb8c53ab..ecd6a488c9 100644
--- a/windows/configuration/wcd/wcd-personalization.md
+++ b/windows/configuration/wcd/wcd-personalization.md
@@ -2,8 +2,6 @@
title: Personalization (Windows 10)
description: This section describes the Personalization settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index c894bdc784..fddfc8e061 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: This section describes the Policies settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md
index ff0d8ba5c4..827c8bad55 100644
--- a/windows/configuration/wcd/wcd-privacy.md
+++ b/windows/configuration/wcd/wcd-privacy.md
@@ -2,8 +2,6 @@
title: Privacy (Windows 10)
description: This section describes the Privacy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md
index 353d7fc8d7..fe6ca80426 100644
--- a/windows/configuration/wcd/wcd-provisioningcommands.md
+++ b/windows/configuration/wcd/wcd-provisioningcommands.md
@@ -2,8 +2,6 @@
title: ProvisioningCommands (Windows 10)
description: This section describes the ProvisioningCommands settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md
index e92b9ff5e9..f3035e6415 100644
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@@ -2,8 +2,6 @@
title: SharedPC (Windows 10)
description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md
index 18f8ce37ce..c3e15932b1 100644
--- a/windows/configuration/wcd/wcd-smisettings.md
+++ b/windows/configuration/wcd/wcd-smisettings.md
@@ -2,8 +2,6 @@
title: SMISettings (Windows 10)
description: This section describes the SMISettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md
index c06113474f..04bbf138fd 100644
--- a/windows/configuration/wcd/wcd-start.md
+++ b/windows/configuration/wcd/wcd-start.md
@@ -2,8 +2,6 @@
title: Start (Windows 10)
description: This section describes the Start settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md
index 97b161c250..ad8220553a 100644
--- a/windows/configuration/wcd/wcd-startupapp.md
+++ b/windows/configuration/wcd/wcd-startupapp.md
@@ -2,8 +2,6 @@
title: StartupApp (Windows 10)
description: This section describes the StartupApp settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
index 4e26559f04..dba45f6c55 100644
--- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md
+++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
@@ -2,8 +2,6 @@
title: StartupBackgroundTasks (Windows 10)
description: This section describes the StartupBackgroundTasks settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
index 4ef3ca8adf..83269cd2b6 100644
--- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
+++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
@@ -2,8 +2,6 @@
title: StorageD3InModernStandby (Windows 10)
description: This section describes the StorageD3InModernStandby settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md
index 227a05ff2f..4d3996dcfd 100644
--- a/windows/configuration/wcd/wcd-surfacehubmanagement.md
+++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md
@@ -2,8 +2,6 @@
title: SurfaceHubManagement (Windows 10)
description: This section describes the SurfaceHubManagement settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md
index 7365638aa4..7c8c7a37e3 100644
--- a/windows/configuration/wcd/wcd-tabletmode.md
+++ b/windows/configuration/wcd/wcd-tabletmode.md
@@ -2,8 +2,6 @@
title: TabletMode (Windows 10)
description: This section describes the TabletMode settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md
index 0fc360651c..b4843fdb7b 100644
--- a/windows/configuration/wcd/wcd-takeatest.md
+++ b/windows/configuration/wcd/wcd-takeatest.md
@@ -2,8 +2,6 @@
title: TakeATest (Windows 10)
description: This section describes the TakeATest settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md
index 19dc4a9203..c2a766d169 100644
--- a/windows/configuration/wcd/wcd-time.md
+++ b/windows/configuration/wcd/wcd-time.md
@@ -2,8 +2,6 @@
title: Time (Windows 10)
description: This section describes the Time settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md
index 7a54c8d4a2..8c8c8648db 100644
--- a/windows/configuration/wcd/wcd-unifiedwritefilter.md
+++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md
@@ -2,8 +2,6 @@
title: UnifiedWriteFilter (Windows 10)
description: This section describes the UnifiedWriteFilter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md
index 3eec0e5b18..f62e4299e3 100644
--- a/windows/configuration/wcd/wcd-universalappinstall.md
+++ b/windows/configuration/wcd/wcd-universalappinstall.md
@@ -2,8 +2,6 @@
title: UniversalAppInstall (Windows 10)
description: This section describes the UniversalAppInstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md
index 38594be3eb..690bfc3ea4 100644
--- a/windows/configuration/wcd/wcd-universalappuninstall.md
+++ b/windows/configuration/wcd/wcd-universalappuninstall.md
@@ -2,8 +2,6 @@
title: UniversalAppUninstall (Windows 10)
description: This section describes the UniversalAppUninstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
index 946006edef..1c9909507e 100644
--- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md
+++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
@@ -2,8 +2,6 @@
title: UsbErrorsOEMOverride (Windows 10)
description: This section describes the UsbErrorsOEMOverride settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md
index 057f4eb2ea..676df2efed 100644
--- a/windows/configuration/wcd/wcd-weakcharger.md
+++ b/windows/configuration/wcd/wcd-weakcharger.md
@@ -2,8 +2,6 @@
title: WeakCharger (Windows 10)
description: This section describes the WeakCharger settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
index 9549606c41..f42e48ac49 100644
--- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md
+++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
@@ -2,8 +2,6 @@
title: WindowsHelloForBusiness (Windows 10)
description: This section describes the Windows Hello for Business settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md
index 37390601a1..51e2f55a43 100644
--- a/windows/configuration/wcd/wcd-windowsteamsettings.md
+++ b/windows/configuration/wcd/wcd-windowsteamsettings.md
@@ -2,8 +2,6 @@
title: WindowsTeamSettings (Windows 10)
description: This section describes the WindowsTeamSettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md
index 810a9d27b4..2709497450 100644
--- a/windows/configuration/wcd/wcd-wlan.md
+++ b/windows/configuration/wcd/wcd-wlan.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: This section describes the WLAN settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md
index a61acc7311..ee8d4e0bc6 100644
--- a/windows/configuration/wcd/wcd-workplace.md
+++ b/windows/configuration/wcd/wcd-workplace.md
@@ -2,8 +2,6 @@
title: Workplace (Windows 10)
description: This section describes the Workplace settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md
index a0de3514c7..6fb2f329ca 100644
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@@ -2,8 +2,6 @@
title: Windows Configuration Designer provisioning settings (Windows 10)
description: This section describes the settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/windows-10-accessibility-for-ITPros.md b/windows/configuration/windows-10-accessibility-for-ITPros.md
index 2bbae9dfc2..3f9a6310d2 100644
--- a/windows/configuration/windows-10-accessibility-for-ITPros.md
+++ b/windows/configuration/windows-10-accessibility-for-ITPros.md
@@ -3,8 +3,6 @@ title: Windows 10 accessibility information for IT Pros (Windows 10)
description: Lists the various accessibility features available in Windows 10 with links to detailed guidance on how to set them
keywords: accessibility, settings, vision, hearing, physical, cognition, assistive
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
ms.author: aaroncz
author: aczechowski
ms.localizationpriority: medium
diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md
index 917fc0e4f1..4965185168 100644
--- a/windows/configuration/windows-10-start-layout-options-and-policies.md
+++ b/windows/configuration/windows-10-start-layout-options-and-policies.md
@@ -1,13 +1,9 @@
---
title: Customize and manage the Windows 10 Start and taskbar layout (Windows 10) | Microsoft Docs
description: On Windows devices, customize the start menu layout and taskbar using XML, group policy, provisioning package, or MDM policy. You can add pinned folders, add a start menu size, pin apps to the taskbar, and more.
-ms.assetid: 2E94743B-6A49-463C-9448-B7DD19D9CD6A
ms.reviewer:
manager: dougeby
-keywords: ["start screen", "start menu"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/windows-spotlight.md
index 962bb26a07..88baf2f9e0 100644
--- a/windows/configuration/windows-spotlight.md
+++ b/windows/configuration/windows-spotlight.md
@@ -1,13 +1,9 @@
---
title: Configure Windows Spotlight on the lock screen (Windows 10)
description: Windows Spotlight is an option for the lock screen background that displays different background images on the lock screen.
-ms.assetid: 1AEA51FA-A647-4665-AD78-2F3FB27AD46A
ms.reviewer:
manager: dougeby
-keywords: ["lockscreen"]
ms.prod: w10
-ms.mktglfcycl: explore
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
ms.topic: article
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 0e700e4349..cbeb91ed35 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -184,51 +184,86 @@
href: update/deploy-updates-intune.md
- name: Monitor Windows client updates
items:
- - name: Monitor Delivery Optimization
- href: do/waas-delivery-optimization-setup.md#monitor-delivery-optimization
- - name: Monitor Windows Updates
+ - name: Monitor with Update Compliance (preview version)
+ href: update/update-compliance-v2-overview.md
+ items:
+ - name: Enable Update Compliance (preview)
+ items:
+ - name: Update Compliance prerequisites
+ href: update/update-compliance-v2-prerequisites.md
+ - name: Enable the Update Compliance solution
+ href: update/update-compliance-v2-enable.md
+ - name: Configure clients with a script
+ href: update/update-compliance-v2-configuration-script.md
+ - name: Configure clients manually
+ href: update/update-compliance-v2-configuration-manual.md
+ - name: Configure clients with Microsoft Endpoint Manager
+ href: update/update-compliance-v2-configuration-mem.md
+ - name: Use Update Compliance (preview)
+ items:
+ - name: Use Update Compliance
+ href: update/update-compliance-v2-use.md
+ - name: Software updates in the Microsoft admin center (preview)
+ href: update/update-status-admin-center.md
+ - name: Update Compliance schema reference (preview)
items:
- - name: Monitor Windows Updates with Update Compliance
- href: update/update-compliance-monitor.md
- - name: Get started
- items:
- - name: Get started with Update Compliance
- href: update/update-compliance-get-started.md
- - name: Update Compliance configuration script
- href: update/update-compliance-configuration-script.md
- - name: Manually configuring devices for Update Compliance
- href: update/update-compliance-configuration-manual.md
- - name: Configuring devices for Update Compliance in Microsoft Endpoint Manager
- href: update/update-compliance-configuration-mem.md
- - name: Update Compliance monitoring
- items:
- - name: Use Update Compliance
- href: update/update-compliance-using.md
- - name: Need attention report
- href: update/update-compliance-need-attention.md
- - name: Security update status report
- href: update/update-compliance-security-update-status.md
- - name: Feature update status report
- href: update/update-compliance-feature-update-status.md
- - name: Safeguard holds report
- href: update/update-compliance-safeguard-holds.md
- - name: Delivery Optimization in Update Compliance
- href: update/update-compliance-delivery-optimization.md
- - name: Data handling and privacy in Update Compliance
- href: update/update-compliance-privacy.md
- - name: Update Compliance schema reference
- href: update/update-compliance-schema.md
- items:
- - name: WaaSUpdateStatus
- href: update/update-compliance-schema-waasupdatestatus.md
- - name: WaaSInsiderStatus
- href: update/update-compliance-schema-waasinsiderstatus.md
- - name: WaaSDepoymentStatus
- href: update/update-compliance-schema-waasdeploymentstatus.md
- - name: WUDOStatus
- href: update/update-compliance-schema-wudostatus.md
- - name: WUDOAggregatedStatus
- href: update/update-compliance-schema-wudoaggregatedstatus.md
+ - name: Update Compliance schema reference
+ href: update/update-compliance-v2-schema.md
+ - name: UCClient
+ href: update/update-compliance-v2-schema-ucclient.md
+ - name: UCClientReadinessStatus
+ href: update/update-compliance-v2-schema-ucclientreadinessstatus.md
+ - name: UCClientUpdateStatus
+ href: update/update-compliance-v2-schema-ucclientupdatestatus.md
+ - name: UCDeviceAlert
+ href: update/update-compliance-v2-schema-ucdevicealert.md
+ - name: UCServiceUpdateStatus
+ href: update/update-compliance-v2-schema-ucserviceupdatestatus.md
+ - name: UCUpdateAlert
+ href: update/update-compliance-v2-schema-ucupdatealert.md
+ - name: Monitor updates with Update Compliance
+ href: update/update-compliance-monitor.md
+ items:
+ - name: Get started
+ items:
+ - name: Get started with Update Compliance
+ href: update/update-compliance-get-started.md
+ - name: Update Compliance configuration script
+ href: update/update-compliance-configuration-script.md
+ - name: Manually configuring devices for Update Compliance
+ href: update/update-compliance-configuration-manual.md
+ - name: Configuring devices for Update Compliance in Microsoft Endpoint Manager
+ href: update/update-compliance-configuration-mem.md
+ - name: Update Compliance monitoring
+ items:
+ - name: Use Update Compliance
+ href: update/update-compliance-using.md
+ - name: Need attention report
+ href: update/update-compliance-need-attention.md
+ - name: Security update status report
+ href: update/update-compliance-security-update-status.md
+ - name: Feature update status report
+ href: update/update-compliance-feature-update-status.md
+ - name: Safeguard holds report
+ href: update/update-compliance-safeguard-holds.md
+ - name: Delivery Optimization in Update Compliance
+ href: update/update-compliance-delivery-optimization.md
+ - name: Data handling and privacy in Update Compliance
+ href: update/update-compliance-privacy.md
+ - name: Schema reference
+ items:
+ - name: Update Compliance schema reference
+ href: update/update-compliance-schema.md
+ - name: WaaSUpdateStatus
+ href: update/update-compliance-schema-waasupdatestatus.md
+ - name: WaaSInsiderStatus
+ href: update/update-compliance-schema-waasinsiderstatus.md
+ - name: WaaSDepoymentStatus
+ href: update/update-compliance-schema-waasdeploymentstatus.md
+ - name: WUDOStatus
+ href: update/update-compliance-schema-wudostatus.md
+ - name: WUDOAggregatedStatus
+ href: update/update-compliance-schema-wudoaggregatedstatus.md
- name: Troubleshooting
items:
- name: Resolve upgrade errors
diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md
index ea378aa5e9..7fce81849b 100644
--- a/windows/deployment/Windows-AutoPilot-EULA-note.md
+++ b/windows/deployment/Windows-AutoPilot-EULA-note.md
@@ -2,16 +2,11 @@
title: Windows Autopilot EULA dismissal – important information
description: A notice about EULA dismissal through Windows Autopilot
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
ms.localizationpriority: medium
-ms.audience: itpro
ms.date: 08/22/2017
author: aczechowski
ms.author: aaroncz
manager: dougeby
-audience: itpro
ROBOTS: NOINDEX
ms.topic: article
---
diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md
index def6469305..ba83569cc0 100644
--- a/windows/deployment/add-store-apps-to-image.md
+++ b/windows/deployment/add-store-apps-to-image.md
@@ -1,13 +1,8 @@
---
title: Add Microsoft Store for Business applications to a Windows 10 image
description: This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image.
-keywords: upgrade, update, windows, windows 10, deploy, store, image, wim
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: aczechowski
ms.author: aaroncz
ms.reviewer:
diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index 129bdcec47..a841cb6907 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -1,13 +1,8 @@
---
title: Configure a PXE server to load Windows PE (Windows 10)
description: This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network.
-keywords: upgrade, update, windows, windows 10, pxe, WinPE, image, wim
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: aczechowski
manager: dougeby
ms.author: aaroncz
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index 409ecf66ed..abb43c1a9e 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -1,16 +1,10 @@
---
title: Deploy Windows 10/11 Enterprise licenses
manager: dougeby
-ms.audience: itpro
ms.author: aaroncz
description: Steps to deploy Windows 10 Enterprise or Windows 11 Enterprise licenses for Windows 10/11 Enterprise E3 or E5 Subscription Activation, or for Windows 10/11 Enterprise E3 in CSP
-keywords: upgrade, update, task sequence, deploy
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
ms.collection: highpri
@@ -89,7 +83,7 @@ For more information about integrating on-premises AD DS domains with Azure AD,
## Preparing for deployment: reviewing requirements
-Devices must be running Windows 10 Pro, version 1703, or later and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic.
+Devices must be running Windows 10 Pro, version 1703, or later and be Azure Active Directory-joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic.
## Assigning licenses to users
@@ -241,12 +235,12 @@ Use the following figures to help you troubleshoot when users experience these c
### Review requirements on devices
-Devices must be running Windows 10 Pro, version 1703 (or later), and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
+Devices must be running Windows 10 Pro, version 1703 (or later), and be Azure Active Directory-joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
-**To determine if a device is Azure Active Directory joined:**
+**To determine if a device is Azure Active Directory-joined:**
1. Open a command prompt and type **dsregcmd /status**.
-2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined.
+2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory-joined.
**To determine the version of Windows 10:**
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index d5c45465ba..c32aeb19ba 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -5,12 +5,7 @@ manager: dougeby
ms.author: aaroncz
description: Learn about deploying Windows 10 with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-keywords: deployment, automate, tools, configure, mdt, sccm, M365
ms.localizationpriority: medium
-audience: itpro
author: aczechowski
ms.topic: article
ms.collection: M365-modern-desktop
@@ -50,7 +45,7 @@ You can check out the Microsoft 365 deployment advisor and other resources for f
>[!NOTE]
>If you have not run a setup guide before, you will see the **Prepare your environment** guide first. This is to make sure you have basics covered like domain verification and a method for adding users. At the end of the "Prepare your environment" guide, there will be a **Ready to continue** button that sends you to the original guide that was selected.
-1. [Obtain a free M365 trial](/office365/admin/try-or-buy-microsoft-365).
+1. [Explore Microsoft 365](https://www.microsoft.com/microsoft-365/business/).
2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide).
3. Also check out the [Windows Analytics deployment advisor](/mem/configmgr/desktop-analytics/overview). This advisor will walk you through deploying [Desktop Analytics](/mem/configmgr/desktop-analytics/overview).
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
index e534cf8937..6f43fb16f4 100644
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@@ -3,13 +3,8 @@ title: What's new in Windows client deployment
manager: dougeby
ms.author: aaroncz
description: Use this article to learn about new solutions and online content related to deploying Windows in your organization.
-keywords: deployment, automate, tools, configure, news
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.prod: w10
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
index 54ab2b9cb1..1e4ef75b50 100644
--- a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Add a Windows 10 operating system image using Configuration Manager
description: Operating system images are typically the production image used for deployment throughout the organization.
-ms.assetid: 77f769cc-1a47-4f36-8082-201cd77b8d3b
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: image, deploy, distribute
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index b007f111f0..4dad48dc9d 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
-ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, task sequence
ms.prod: w10
ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 75682905f1..e925ac8f45 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Endpoint Configuration Manager.
-ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: tool, customize, deploy, boot image
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
index 98787c6771..260b79eadd 100644
--- a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -1,17 +1,11 @@
---
title: Create a task sequence with Configuration Manager (Windows 10)
description: Create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
-ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, upgrade, task sequence, install
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.pagetype: mdt
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index 7aaa9cb56d..caae9de1b6 100644
--- a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Create an app to deploy with Windows 10 using Configuration Manager
description: Microsoft Microsoft Endpoint Manager supports deploying applications as part of the Windows 10 deployment process.
-ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deployment, task sequence, custom, customize
ms.prod: w10
ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
index 0851a5ac05..55d9928a01 100644
--- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
@@ -1,15 +1,10 @@
---
title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10)
description: In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Manager deployment packages and task sequences.
-ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa
manager: dougeby
ms.author: aaroncz
-keywords: deployment, image, UEFI, task sequence
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.collection: highpri
diff --git a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 4222c890b9..15ccee4085 100644
--- a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Finalize operating system configuration for Windows 10 deployment
description: This article provides a walk-through to finalize the configuration of your Windows 10 operating deployment.
-ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: configure, deploy, upgrade
ms.prod: w10
ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 0f6b99c4e4..75efdc9ba8 100644
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit.
-ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: install, configure, deploy, deployment
ms.prod: w10
ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 511ddc7920..117dedd018 100644
--- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10.
-ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: upgrade, install, installation, computer refresh
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 0f06e2c3b6..242bcd70ee 100644
--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
description: In this topic, you will learn how to replacing a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager.
-ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: upgrade, install, installation, replace computer, setup
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
index 7b65bb7a4d..dd7097e837 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
@@ -1,15 +1,11 @@
---
title: Perform in-place upgrade to Windows 10 via Configuration Manager
description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Endpoint Manager task sequence.
-ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: upgrade, update, task sequence, deploy
ms.prod: w10
ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
index f7703a6713..15fb8922d8 100644
--- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
@@ -1,17 +1,11 @@
---
title: Assign applications using roles in MDT (Windows 10)
description: This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer.
-ms.assetid: d82902e4-de9c-4bc4-afe0-41d649b83ce7
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: settings, database, deploy
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
index 267f99374a..3300697ddc 100644
--- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
@@ -1,17 +1,11 @@
---
title: Build a distributed environment for Windows 10 deployment (Windows 10)
description: In this topic, you will learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
-ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: replication, replicate, deploy, configure, remote
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
index ae5d2449b7..078bb06ca8 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
@@ -1,17 +1,11 @@
---
title: Configure MDT deployment share rules (Windows 10)
description: Learn how to configure the MDT rules engine to reach out to other resources for additional information instead of storing settings directly in the rules engine.
-ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: rules, configuration, automate, deploy
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
index 416567fdcd..821329ba18 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
@@ -1,17 +1,11 @@
---
title: Configure MDT for UserExit scripts (Windows 10)
description: In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address.
-ms.assetid: 29a421d1-12d2-414e-86dc-25b62f5238a7
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: rules, script
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
index bc3c0f86ea..c4bbe93743 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
@@ -1,17 +1,11 @@
---
title: Configure MDT settings (Windows 10)
description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there is virtually no limitation to what you can do in terms of customization.
-ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: customize, customization, deploy, features, tools
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
index 6d697f6d10..e9d1c48603 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@@ -1,17 +1,11 @@
---
title: Create a Windows 10 reference image (Windows 10)
description: Creating a reference image is important because that image serves as the foundation for the devices in your organization.
-ms.assetid: 9da2fb57-f2ff-4fce-a858-4ae4c237b5aa
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, deployment, configure, customize, install, installation
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index e1650926b3..0d89ad7be7 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -1,17 +1,11 @@
---
title: Deploy a Windows 10 image using MDT (Windows 10)
description: This topic will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
-ms.assetid: 1d70a3d8-1b1d-4051-b656-c0393a93f83c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deployment, automate, tools, configure
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
index 613c9a5f72..d5a9a7653a 100644
--- a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
@@ -1,17 +1,11 @@
---
title: Get started with the Microsoft Deployment Toolkit (MDT) (Windows 10)
description: This topic will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), as part of a Windows operating system deployment.
-ms.assetid: a256442c-be47-4bb9-a105-c831f58ce3ee
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, image, feature, install, tools
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -163,7 +157,7 @@ Selection profiles, which are available in the Advanced Configuration node, prov
MDT uses many log files during operating system deployments. By default the logs are client side, but by configuring the deployment settings, you can have MDT store them on the server, as well.
**Note**
-The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717).
+The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717).
## Monitoring
diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
index 207071b157..e691b3677b 100644
--- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
@@ -1,17 +1,11 @@
---
title: Prepare for deployment with MDT (Windows 10)
description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT).
-ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, system requirements
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
index 1fe4b7457c..356ba70dcc 100644
--- a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
+++ b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
@@ -1,17 +1,11 @@
---
title: Refresh a Windows 7 computer with Windows 10 (Windows 10)
description: This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process.
-ms.assetid: 2866fb3c-4909-4c25-b083-6fc1f7869f6f
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: reinstallation, customize, template, script, restore
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -23,12 +17,12 @@ ms.topic: article
This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the online computer refresh process. The computer refresh scenario is a reinstallation of an updated operating system on the same computer. You can also use this procedure to reinstall the same OS version. In this article, the computer refresh will be done while the computer is online. MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property on the [MDT resource page](/mem/configmgr/mdt/).
-For the purposes of this topic, we will use three computers: DC01, MDT01, and PC0001.
+For the purposes of this topic, we'll use three computers: DC01, MDT01, and PC0001.
- DC01 is a domain controller for the contoso.com domain.
- MDT01 is domain member server that hosts your deployment share.
- PC0001 is a domain member computer running a previous version of Windows that is going to be refreshed to a new version of Windows 10, with data and settings restored. The example used here is a computer running Windows 7 SP1.
-Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more details on the setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
+Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more details on the setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
@@ -36,9 +30,9 @@ The computers used in this topic.
## The computer refresh process
-A computer refresh is not the same as an in-place upgrade because a computer refresh involves exporting user data and settings then wiping the device before installing a fresh OS and restoring the user's data and settings.
+A computer refresh isn't the same as an in-place upgrade because a computer refresh involves exporting user data and settings then wiping the device before installing a fresh OS and restoring the user's data and settings.
-For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. To complete a computer refresh you will:
+For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. To complete a computer refresh, you will:
1. Back up data and settings locally, in a backup folder.
2. Wipe the partition, except for the backup folder.
@@ -46,7 +40,7 @@ For a computer refresh with MDT, you use the User State Migration Tool (USMT), w
4. Install other applications.
5. Restore data and settings.
-During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are simply linked in the file system, which allows for fast migration, even when there is a lot of data.
+During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are linked in the file system, which allows for fast migration, even when there's a lot of data.
>[!NOTE]
>In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file contains the entire volume from the computer and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire computer is not a supported scenario.
@@ -66,17 +60,17 @@ In addition to the command-line switches that control which profiles to migrate,
### Multicast
-Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment for a small number of computers. You will need to update the deployment share after changing this setting.
+Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment for a small number of computers. You'll need to update the deployment share after changing this setting.
## Refresh a Windows 7 SP1 client
-In these section, we assume that you have already performed the prerequisite procedures in the following topics, so that you have a deployment share named **MDTProduction$** on MDT01:
+In this section, we assume that you've already performed the prerequisite procedures in the following topics, so that you have a deployment share named **MDTProduction$** on MDT01:
- [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-It is also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10. For demonstration purposes, we will refreshing a Windows 7 SP1 PC to Windows 10, version 1909.
+It is also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10. For demonstration purposes, we'll be refreshing a Windows 7 SP1 PC to Windows 10, version 1909.
### Upgrade (refresh) a Windows 7 SP1 client
diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
index 98bf1c01e1..30ca655b46 100644
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -1,18 +1,12 @@
---
title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10)
-description: In this article, you will learn how to replace a Windows 7 device with a Windows 10 device.
+description: In this article, you'll learn how to replace a Windows 7 device with a Windows 10 device.
ms.custom: seo-marvel-apr2020
-ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, deployment, replace
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -22,15 +16,15 @@ ms.topic: article
**Applies to**
- Windows 10
-A computer replace scenario for Windows 10 is quite similar to a computer refresh for Windows 10. However, because you are replacing a device, you cannot store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings.
+A computer replace scenario for Windows 10 is similar to a computer refresh for Windows 10. However, because you're replacing a device, you can't store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings.
-For the purposes of this topic, we will use four computers: DC01, MDT01, PC0002, and PC0007.
+For the purposes of this topic, we'll use four computers: DC01, MDT01, PC0002, and PC0007.
- DC01 is a domain controller for the contoso.com domain.
- MDT01 is domain member server that hosts your deployment share.
- PC0002 is an old computer running Windows 7 SP1 that will be replaced by PC0007.
- PC0007 is a new computer will have the Windows 10 OS installed prior to data from PC0002 being migrated. Both PC0002 and PC0007 are members of the contoso.com domain.
-For more details on the setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
+For more details on the setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
@@ -46,9 +40,9 @@ The computers used in this topic.
On **MDT01**:
-1. Open the Deployment Workbench, under **Deployment Shares** right-click **MDT Production**, click **Properties**, and then click the **Rules** tab.
-2. Change the **SkipUserData=YES** option to **NO**, and click **OK**.
-3. Right-click **MDT Production** and click **Update Deployment Share**. Click **Next**, **Next**, and **Finish** to complete the Update Deployment Share Wizard with the default settings.
+1. Open the Deployment Workbench, under **Deployment Shares** right-click **MDT Production**, select **Properties**, and then select the **Rules** tab.
+2. Change the **SkipUserData=YES** option to **NO**, and select **OK**.
+3. Right-click on **MDT Production** and select **Update Deployment Share**. Then select **Next**, **Next**, and **Finish** to complete the Update Deployment Share Wizard with the default settings.
### Create and share the MigData folder
@@ -81,7 +75,7 @@ On **MDT01**:
During a computer replace, these are the high-level steps that occur:
-1. On the computer you are replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Windows Imaging (WIM) backup.
+1. On the computer you're replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Windows Imaging (WIM) backup.
2. On the new computer, you perform a standard bare-metal deployment. At the end of the bare-metal deployment, the USMT backup from the old computer is restored.
### Run the replace task sequence
diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
index e0cce7674c..e2976790e7 100644
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@@ -1,17 +1,11 @@
---
title: Set up MDT for BitLocker (Windows 10)
-ms.assetid: 386e6713-5c20-4d2a-a220-a38d94671a38
ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: Learn how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT.
-keywords: disk, encryption, TPM, configure, secure, script
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-mar2020
diff --git a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
index c22c41830d..3b225896bf 100644
--- a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
+++ b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
@@ -1,17 +1,11 @@
---
title: Simulate a Windows 10 deployment in a test environment (Windows 10)
description: This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT.
-ms.assetid: 2de86c55-ced9-4078-b280-35e0329aea9c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, script
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -51,7 +45,7 @@ On **PC0001**:
& "C:\MDT\CMTrace" C:\MININT\SMSOSD\OSDLOGS\ZTIGather.log
```
-3. Download and install the free [Microsoft System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717) on PC0001 so that you have access to the Configuration Manager Trace (cmtrace.exe) tool.
+3. Download and install the free [Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717) on PC0001 so that you have access to the Configuration Manager Trace (cmtrace.exe) tool.
4. Using Local Users and Groups (lusrmgr.msc), add the **contoso\\MDT\_BA** user account to the local **Administrators** group.
5. Sign off, and then sign on to PC0001 as **contoso\\MDT\_BA**.
6. Open the **\\\\MDT01\\MDTProduction$\\Scripts** folder and copy the following files to **C:\\MDT**:
diff --git a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
index 78849e6f4b..4f1b8456b8 100644
--- a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -1,17 +1,11 @@
---
title: Perform an in-place upgrade to Windows 10 with MDT (Windows 10)
description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
-ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: upgrade, update, task sequence, deploy
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
index e6409ee3f9..12cf171f4d 100644
--- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
@@ -1,17 +1,11 @@
---
title: Use Orchestrator runbooks with MDT (Windows 10)
description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
-ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: web services, database
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
index bbe74794a9..33cc3b4d4b 100644
--- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
+++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@@ -1,17 +1,11 @@
---
title: Use MDT database to stage Windows 10 deployment info (Windows 10)
description: Learn how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database.
-ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.pagetype: mdt
-keywords: database, permissions, settings, configure, deploy
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
index 6f6b6c785e..2f427ac529 100644
--- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
@@ -1,17 +1,11 @@
---
title: Use web services in MDT (Windows 10)
description: Learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
-ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, web apps
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.pagetype: mdt
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -23,7 +17,7 @@ Using a web service in MDT is straightforward, but it does require that you have
## Create a sample web service
-In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://go.microsoft.com/fwlink/p/?LinkId=619363) from the Microsoft Download Center and extracted it to C:\\Projects.
+In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://www.microsoft.com/download/details.aspx?id=42516) from the Microsoft Download Center and extracted it to C:\\Projects.
1. On PC0001, using Visual Studio Express 2013 for Web, open the C:\\Projects\\MDTSample\\ MDTSample.sln solution file.
2. On the ribbon bar, verify that Release is selected.
3. In the **Debug** menu, select the **Build MDTSample** action.
diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md
index 9846a41bcf..d398777f84 100644
--- a/windows/deployment/deploy-windows-to-go.md
+++ b/windows/deployment/deploy-windows-to-go.md
@@ -1,18 +1,11 @@
---
title: Deploy Windows To Go in your organization (Windows 10)
description: Learn how to deploy Windows To Go in your organization through a wizard in the user interface as well as programatically with Windows PowerShell.
-ms.assetid: cfe550be-ffbd-42d1-ab4d-80efae49b07f
ms.reviewer:
manager: dougeby
-ms.audience: itpro
author: aczechowski
ms.author: aaroncz
-keywords: deployment, USB, device, BitLocker, workspace, security, data
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobility
-audience: itpro
ms.topic: article
ms.custom: seo-marvel-apr2020
---
@@ -20,11 +13,12 @@ ms.custom: seo-marvel-apr2020
# Deploy Windows To Go in your organization
+
**Applies to**
- Windows 10
-This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment.
+This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment.
> [!IMPORTANT]
> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
@@ -33,28 +27,28 @@ This topic helps you to deploy Windows To Go in your organization. Before you be
The following is a list of items that you should be aware of before you start the deployment process:
-* Only use recommended USB drives for Windows To Go. Use of other drives is not supported. Check the list at [Windows To Go: feature overview](planning/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives.
+* Only use recommended USB drives for Windows To Go. Use of other drives isn't supported. Check the list at [Windows To Go: feature overview](planning/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives.
* After you provision a new workspace, always eject a Windows To Go drive using the **Safely Remove Hardware and Eject Media** control that can be found in the notification area or in Windows Explorer. Removing the drive from the USB port without ejecting it first can cause the drive to become corrupted.
* When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive.
-* System Center 2012 Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj651035(v=technet.10)).
+* Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj651035(v=technet.10)).
-* If you are planning on using a USB drive duplicator to duplicate Windows To Go drives, do not configure offline domain join or BitLocker on the drive.
+* If you're planning on using a USB drive duplicator to duplicate Windows To Go drives, don't configure offline domain join or BitLocker on the drive.
## Basic deployment steps
-Unless you are using a customized operating system image, your initial Windows To Go workspace will not be domain joined and will not contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios.
+Unless you're using a customized operating system image, your initial Windows To Go workspace won't be domain joined and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios.
-Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For additional information, see [Windows Deployment Options](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825230(v=win.10)).
+Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For more information, see [Windows Deployment Options](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825230(v=win.10)).
>[!WARNING]
>If you plan to use the generic Windows To Go drive as the master drive in a USB duplicator, the drive should not be booted. If the drive has been booted inadvertently it should be reprovisioned prior to duplication.
### Create the Windows To Go workspace
-In this step we are creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using a combination of Windows PowerShell and command-line tools.
+In this step we're creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using a combination of Windows PowerShell and command-line tools.
>[!WARNING]
>The preferred method to create a single Windows To Go drive is to use the Windows To Go Creator Wizard included in Windows 10 Enterprise and Windows 10 Education.
@@ -76,7 +70,7 @@ In this step we are creating the operating system image that will be used on the
6. On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**.
-7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you do not wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions.
+7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you don't wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions.
r
>[!WARNING]
@@ -84,7 +78,7 @@ r
If you choose to encrypt the Windows To Go drive now:
- - Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware does not support non-ASCII characters.
+ - Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware doesn't support non-ASCII characters.
~~~
@@ -107,7 +101,7 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
1. Using Cortana, search for **powershell**, right-click **Windows PowerShell**, and then select **Run as administrator**.
-2. In the Windows PowerShell session type the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware:
+2. In the Windows PowerShell session type, the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware:
```
# The following command will set $Disk to all USB drives with >20 GB of storage
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
index afc608a502..8463fd9abd 100644
--- a/windows/deployment/deploy.md
+++ b/windows/deployment/deploy.md
@@ -1,17 +1,12 @@
---
title: Deploy Windows 10 (Windows 10)
description: Learn about Windows 10 upgrade options for planning, testing, and managing your production deployment.
-ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
ms.reviewer:
manager: dougeby
-ms.audience: itpro
author: aczechowski
ms.author: aaroncz
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.localizationpriority: medium
-audience: itpro
ms.topic: article
ms.custom: seo-marvel-apr2020
---
diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md
index d2a8c14908..5afb66f3f6 100644
--- a/windows/deployment/do/delivery-optimization-proxy.md
+++ b/windows/deployment/do/delivery-optimization-proxy.md
@@ -2,10 +2,7 @@
title: Using a proxy with Delivery Optimization
manager: dansimp
description: Settings to use with various proxy configurations to allow Delivery Optimization to work
-keywords: updates, downloads, network, bandwidth
ms.prod: w10
-ms.mktglfcycl: deploy
-audience: itpro
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md
index f3c6ba9095..0edb9f9ba1 100644
--- a/windows/deployment/do/delivery-optimization-workflow.md
+++ b/windows/deployment/do/delivery-optimization-workflow.md
@@ -2,10 +2,7 @@
title: Delivery Optimization client-service communication explained
manager: dougeby
description: Details of how Delivery Optimization communicates with the server when content is requested to download.
-keywords: updates, downloads, network, bandwidth
ms.prod: w10
-ms.mktglfcycl: deploy
-audience: itpro
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
diff --git a/windows/deployment/do/images/imcc02.png b/windows/deployment/do/images/imcc02.png
index 351dad7325..151fa69ed7 100644
Binary files a/windows/deployment/do/images/imcc02.png and b/windows/deployment/do/images/imcc02.png differ
diff --git a/windows/deployment/do/images/imcc10.png b/windows/deployment/do/images/imcc10.png
index e5da041358..53d2773ce6 100644
Binary files a/windows/deployment/do/images/imcc10.png and b/windows/deployment/do/images/imcc10.png differ
diff --git a/windows/deployment/do/images/imcc11.png b/windows/deployment/do/images/imcc11.png
index 9ffaac6072..bf45500aba 100644
Binary files a/windows/deployment/do/images/imcc11.png and b/windows/deployment/do/images/imcc11.png differ
diff --git a/windows/deployment/do/images/imcc12.png b/windows/deployment/do/images/imcc12.png
index fcb5d40a45..d776cb5913 100644
Binary files a/windows/deployment/do/images/imcc12.png and b/windows/deployment/do/images/imcc12.png differ
diff --git a/windows/deployment/do/images/imcc13.png b/windows/deployment/do/images/imcc13.png
index 3d2a566c8b..feee2d0e9c 100644
Binary files a/windows/deployment/do/images/imcc13.png and b/windows/deployment/do/images/imcc13.png differ
diff --git a/windows/deployment/do/images/imcc14.png b/windows/deployment/do/images/imcc14.png
index 627d496b4c..59dc405046 100644
Binary files a/windows/deployment/do/images/imcc14.png and b/windows/deployment/do/images/imcc14.png differ
diff --git a/windows/deployment/do/images/imcc17.png b/windows/deployment/do/images/imcc17.png
index ac6b5be124..f6b0ffcad7 100644
Binary files a/windows/deployment/do/images/imcc17.png and b/windows/deployment/do/images/imcc17.png differ
diff --git a/windows/deployment/do/images/imcc18.png b/windows/deployment/do/images/imcc18.png
index aa818361eb..5b89bfe31a 100644
Binary files a/windows/deployment/do/images/imcc18.png and b/windows/deployment/do/images/imcc18.png differ
diff --git a/windows/deployment/do/images/imcc19.png b/windows/deployment/do/images/imcc19.png
index 2a70b46b11..ead9d1c383 100644
Binary files a/windows/deployment/do/images/imcc19.png and b/windows/deployment/do/images/imcc19.png differ
diff --git a/windows/deployment/do/images/imcc26.png b/windows/deployment/do/images/imcc26.png
index c46a7e6363..b64e3849dc 100644
Binary files a/windows/deployment/do/images/imcc26.png and b/windows/deployment/do/images/imcc26.png differ
diff --git a/windows/deployment/do/images/imcc27.png b/windows/deployment/do/images/imcc27.png
index 01076b3ae5..c37713364f 100644
Binary files a/windows/deployment/do/images/imcc27.png and b/windows/deployment/do/images/imcc27.png differ
diff --git a/windows/deployment/do/images/imcc28.png b/windows/deployment/do/images/imcc28.png
index a7aa7eecd7..cc99b61638 100644
Binary files a/windows/deployment/do/images/imcc28.png and b/windows/deployment/do/images/imcc28.png differ
diff --git a/windows/deployment/do/images/imcc29.png b/windows/deployment/do/images/imcc29.png
deleted file mode 100644
index 2291487e5b..0000000000
Binary files a/windows/deployment/do/images/imcc29.png and /dev/null differ
diff --git a/windows/deployment/do/images/imcc30.png b/windows/deployment/do/images/imcc30.png
index 8cabce52c8..42301d5c4c 100644
Binary files a/windows/deployment/do/images/imcc30.png and b/windows/deployment/do/images/imcc30.png differ
diff --git a/windows/deployment/do/images/imcc54.png b/windows/deployment/do/images/imcc54.png
new file mode 100644
index 0000000000..c40ab0c5c9
Binary files /dev/null and b/windows/deployment/do/images/imcc54.png differ
diff --git a/windows/deployment/do/images/imcc55.PNG b/windows/deployment/do/images/imcc55.PNG
new file mode 100644
index 0000000000..2875d4d56e
Binary files /dev/null and b/windows/deployment/do/images/imcc55.PNG differ
diff --git a/windows/deployment/do/includes/waas-delivery-optimization-monitor.md b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md
new file mode 100644
index 0000000000..2828da9932
--- /dev/null
+++ b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md
@@ -0,0 +1,160 @@
+---
+author: mestew
+ms.author: mstewart
+manager: dougeby
+ms.prod: w10
+ms.collection: M365-modern-desktop
+ms.topic: include
+ms.date: 04/06/2022
+ms.localizationpriority: medium
+---
+
+
+## Monitor Delivery Optimization
+
+### Windows PowerShell cmdlets
+
+**Starting in Windows 10, version 1703**, you can use new PowerShell cmdlets to check the performance of Delivery Optimization.
+
+#### Analyze usage
+
+`Get-DeliveryOptimizationStatus` returns a real-time snapshot of all current Delivery Optimization jobs.
+
+| Key | Value |
+| --- | --- |
+| File ID | A GUID that identifies the file being processed |
+| FileSize | Size of the file |
+| FileSizeInCache | Size of the file in the cache |
+| TotalBytesDownloaded | The number of bytes from any source downloaded so far |
+| PercentPeerCaching |The percentage of bytes downloaded from peers versus over HTTP |
+| BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) |
+| BytesfromHTTP | Total number of bytes received over HTTP |
+| Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but is not uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) |
+| Priority | Priority of the download; values are **foreground** or **background** |
+| BytesFromCacheServer | Total number of bytes received from cache server |
+| BytesFromLanPeers | Total number of bytes received from peers found on the LAN |
+| BytesFromGroupPeers | Total number of bytes received from peers found in the group |
+| BytesFromInternetPeers | Total number of bytes received from internet peers |
+| BytesToLanPeers | Total number of bytes delivered from peers found on the LAN |
+| BytesToGroupPeers | Total number of bytes delivered from peers found in the group |
+| BytesToInternetPeers | Total number of bytes delivered from peers found on the LAN |
+| DownloadDuration | Total download time in seconds |
+| HttpConnectionCount | |
+| LanConnectionCount | |
+| GroupConnectionCount | |
+| InternetConnectionCount | |
+| DownloadMode | |
+| SourceURL | Http source for the file |
+| CacheHost | IP address for the cache server |
+| NumPeers | Indicates the total number of peers returned from the service. |
+| PredefinedCallerApplication | Indicates the last caller that initiated a request for the file. |
+| ExpireOn | The target expiration date and time for the file. |
+| IsPinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). |
+
+`Get-DeliveryOptimizationPerfSnap` returns a list of key performance data:
+
+| Key | Value |
+| --- | --- |
+| FilesDownloaded | Number of files downloaded |
+| FilesUploaded | Number of files uploaded |
+| Files | |
+| TotalBytesDownloaded | Total bytes downloaded |
+| TotalBytesUploaded | Total bytes uploaded |
+| AverageDownloadSize | Average transfer size (download); that is, the number bytes downloaded divided by the number of files |
+| AverageUploadSize | Average transfer size (upload); the number of bytes uploaded divided by the number of files |
+| DownloadMode | Delivery Optimization Download mode used to deliver file |
+| CacheSizeBytes | |
+| TotalDiskBytes | |
+| AvailableDiskBytes | |
+| CpuUsagePct | |
+| MemUsageKB | |
+| NumberOfPeers | |
+| CacheHostConnections | |
+| CdnConnections | |
+| LanConnections | |
+| LinkLocalConnections | |
+| GroupConnections | |
+| InternetConnections | |
+| DownlinkBps | |
+| DownlinkUsageBps | |
+| UplinkBps | |
+| UplinkUsageBps | |
+| ForegroundDownloadRatePct | |
+| BackgroundDownloadRatePct | |
+| UploadRatePct | |
+| UplinkUsageBps | |
+| ForegroundDownloadRatePct | |
+| BackgroundDownloadRatePct | |
+| UploadRatePct | |
+| UploadCount | |
+| ForegroundDownloadCount | |
+| ForegroundDownloadsPending | |
+| BackgroundDownloadCount | |
+| BackgroundDownloadsPending | |
+
+Using the `-Verbose` option returns additional information:
+
+- Bytes from peers (per type)
+- Bytes from CDN (the number of bytes received over HTTP)
+- Average number of peer connections per download
+
+**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers.
+
+Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month.
+
+#### Manage the Delivery Optimization cache
+
+**Starting in Windows 10, version 1903:**
+
+`set-DeliveryOptimizationStatus -ExpireOn [date time]` extends the expiration of all files in the cache. You can set the expiration immediately for all files that are in the "caching" state. For files in progress ("downloading"), the expiration is applied once the download is complete. You can set the expiration up to one year from the current date and time.
+
+`set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]` extends expiration for a single specific file in the cache.
+
+You can now "pin" files to keep them persistent in the cache. You can only do this with files that are downloaded in modes 1, 2, or 3.
+
+`set-DeliveryOptimizationStatus -Pin [True] -File ID [FileID]` keeps a specific file in the cache such that it won't be deleted until the expiration date and time (which you set with `set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]`). The file is also excluded from the cache quota calculation.
+
+`set-DeliveryOptimizationStatus -Pin [False] -File ID [FileID]` "unpins" a file, so that it will be deleted when the expiration date and time are reached. The file is included in the cache quota calculation.
+
+`delete-DeliveryOptimizationCache` lets you clear files from the cache and remove all persisted data related to them. You can use these options with this cmdlet:
+
+- `-FileID` specifies a particular file to delete.
+- `-IncludePinnedFiles` deletes all files that are pinned.
+- `-Force` deletes the cache with no prompts.
+
+#### Work with Delivery Optimization logs
+
+**Starting in Windows 10, version 2004:**
+
+- `Enable-DeliveryOptimizationVerboseLogs`
+- `Disable-DeliveryOptimizationVerboseLogs`
+
+- `Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]`
+
+With no options, this cmdlet returns these data:
+
+- total number of files
+- number of foreground files
+- minimum file size for it to be cached
+- number of eligible (larger than the minimum size for peering) files
+- number of files that found peers
+- number of peering files (the number of files that got at least 1 byte from peers)
+- overall efficiency
+- efficiency in the peered files
+
+Using the `-ListConnections` option returns these details about peers:
+
+- destination IP address
+- peer type
+- status code
+- bytes sent
+- bytes received
+- file ID
+
+**Starting in Windows 10, version 1803:**
+
+`Get-DeliveryOptimizationLog [-Path ] [-Flush]`
+
+If `Path` is not specified, this cmdlet reads all logs from the DoSvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops DoSvc before reading logs.
+
+Log entries are written to the PowerShell pipeline as objects. To dump logs to a text file, run `Get-DeliveryOptimizationLog | Set-Content
+:::image type="content" source="images/windows-10-management-range-of-options.png" alt-text="Diagram of the path to modern IT." lightbox="images/windows-10-management-range-of-options.png":::
-As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like Group Policy, Active Directory, and Microsoft Configuration Manager. It also delivers a “mobile-first, cloud-first” approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business.
+As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like group Policy, Active Directory, and Configuration Manager. It also delivers a "mobile-first, cloud-first" approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business.
-## Deployment and Provisioning
+## Deployment and provisioning
-With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully configured, fully managed devices, you can:
+With Windows 10, you can continue to use traditional OS deployment, but you can also "manage out of the box." To transform new devices into fully configured, fully managed devices, you can:
+- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management service such as [Windows Autopilot](/mem/autopilot/windows-autopilot) or [Microsoft Intune](/mem/intune/fundamentals/).
-- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](/mem/intune/fundamentals/).
+- Create self-contained provisioning packages built with the Windows Configuration Designer. For more information, see [Provisioning packages for Windows](/windows/configuration/provisioning-packages/provisioning-packages).
-- Create self-contained provisioning packages built with the [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-packages).
+- Use traditional imaging techniques such as deploying custom images using [Configuration Manager](/mem/configmgr/core/understand/introduction).
-- Use traditional imaging techniques such as deploying custom images using [Microsoft Endpoint Configuration Manager](/configmgr/core/understand/introduction).
+You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive - everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today.
-You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 7 or Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive – everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today with Windows 7.
+## Identity and authentication
-## Identity and Authentication
-
-You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **“bring your own device” (BYOD)** or to **“choose your own device” (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them.
+You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **"bring your own device" (BYOD)** or to **"choose your own device" (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them.
You can envision user and device management as falling into these two categories:
-- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
+- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
- - For corporate devices, they can set up corporate access with [Azure AD Join](/azure/active-directory/devices/overview). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud.